Juvenile court computer system hacked
LISBON – Columbiana County’s juvenile court computer system was hacked before Memorial Day weekend, with officials paying a $2,883 “ransom” to regain access to records captured in the cyberattack.
“It’s one of those things that you don’t want to pay a ransom to a criminal, but we didn’t have any choice,” said county juvenile/probate court judge Thomas Baronzzi.
The cyberattack began just minutes before juvenile court closed for the day on May 26, which was a Thursday. Baronzzi said staff arrived for work the next day to discover the court’s system had been hacked and they were locked out. “It didn’t take anything. What it does is encrypt all the data so you can’t get access,” he said of the ransomware virus.
The anonymous hackers demanded to be paid 5.4 bitcoin – the equivalent of $2,883 – in exchange for a password that would grant the court access to its records. After the money was paid the hackers sent a file that returned control of the system to the court.
“We got everything back without any loss of data or damage to the system,” Baronzzi said.
The county’s insurance carrier sent experts to determine if any confidential records had been compromised, and Baronzzi said it does not appear files containing personal information on juveniles and others were accessed.
“This was a very advanced virus that has plagued a lot of people and entities across the country and the state of Ohio,” Baronzzi said of this particular ransomware known as Locky.
Ohio State Auditor David Yost sent out a news release afterwards warning local governments about being targeted by hackers using ransomware, although the release did not mention the county by name since the county had yet to pay the ransom. The state noted that a township in Morrow County was targeted by ransomware but did not pay anything because the township’s data had been backed up, providing it with a duplicate copy.
Juvenile court’s electronic records were automatically backed up on site once a day after closing time, but the Locky ransomware attack began before that could occur. The new system installed in response to the cyberattack automatically backs up files every two hours, including at an off-site location.
County Auditor Nancy Milliken said her records are backed up on site and at two off-site locations to provide several layers of redundancy. “It could happen to any one of us,” she said of the cyberattack, “but you take every step to protect yourself to ensure it doesn’t, and that’s why we have all these backups.”
Baronzzi said a review of their system also determined there was a gap in the firewall, which contributed to the problem. He said they now employ multiple firewalls.
“We’ve had to double down on everything … because there is no guarantee you will not be hit,” he said, which is why security systems are constantly being upgraded. “No matter how good your security it’s always a race against the next virus.”
The good news is juvenile court’s system was a stand-alone system and not connected to any other county systems, which means the ransomware was unable to spread.
As mentioned above, the hackers demanded to be paid in bitcoin, a digital payment system with its own units of value that imitate traditional currency. “I had to learn about bitcoin real fast,” Baronzzi said.
Officials arranged to make the $2,883 ransom payment through a Youngstown computer company that makes transactions using bitcoin, with the company charging a $105 processing fee. The entire payment was covered by the county’s insurance carrier.
Starting June 2, the money was transferred over three days into a digital “wallet” before it was transferred again. Baronzzi said the address was a long string of numbers and characters, and investigators told him it was likely transferred several times before reaching its final destination.
A report was filed with the county sheriff’s office and the Ohio Bureau of Investigation, which said the likely culprits were cybercriminals from another country, likely overseas.
County commissioners supported Baronzzi’s decision.
“After being informed of this we considered our options, and there was no way to get that information back” without paying the ransom, said commission chairman Mike Halleck.