Date: 2021-06-09

A statement from the Mobile County Commission June 2 announced malware had been discovered in Mobile County systems and certain systems were shut down to contain the matter before being securely restored. County systems are now operational.

A statement released the next day said the incident is under an investigation that could take weeks and only a small part of the network was affected. Systems associated with the Personnel Board, Sheriff’s Office and License Commission are on separate networks and were not affected.

“Once final determinations are made, we will respond accordingly,” the statement said. “To the extent that the forensics process determines that sensitive information has been compromised, Mobile County will alert affected individuals directly.”

Abe Harper, who owns Harper Technologies, was not involved in the investigation and has no direct knowledge of the situation, but said the quiet, limited and professional nature of the county’s response is in line with cybersecurity protocol.

“If you give out too much information, you run the risk of the people that did it knowing that you are onto them, and they go underground and they hide,” Harper said. “If you have good backups, you have good intel and you have a good IT department, you don’t have to give out anything; [you just need to] do the prerequisites, which is identify those who’ve been breached, tell somebody who’s affected and then go after the bad guys.”

The proper response for malware, he said, is much like the response for a virus or COVID-19: quarantining infected systems, though the response can look different depending on the situation.

“You can’t treat the flu the same way you would treat a sinus infection,” Harper said. “That’s the first step — identify that you have a problem and then identify what that problem is. And then you react accordingly to it.”

Malware can be any kind of software that has a malicious intent for the user and their data, he said. The county has not made public what kind of malware affected their systems.

Last month, a ransomware attack on the East Coast’s Colonial Pipeline prompted the shutdown of pipelines for 11 days, causing panic buying and rising gas prices. Ransomware encrypts and holds a user’s data hostage, restricting its use and demanding money in exchange for the data’s release; attackers often threaten to share the data as well.

“Despite how much of your information they may have, despite how many times they promise that they won’t ransom you again, that they won’t share your information, you don’t pay the ransom,” Harper said. “That’s the general rule of thumb. Colonial Pipeline broke that rule very intentionally, to the tune of $5 million, and still didn’t get that data back.”

On June 7, federal authorities announced more than $2 million of the ransom Colonial Pipeline paid to DarkSide, a Russian hacker ring, had been recovered.

“There’s no honor among thieves, as they say,” Harper said.

Spokespeople for the county have declined to offer any more specific information than what has been shared through public statements.

“In a situation like this, it would be a disservice to them and to the process to be speculative about what they haven’t said, because what they are doing is the exact methodology that’s correct for identity and remedy of a problem,” Harper said.