Click here to subscribe today or Login.
Luzerne County’s administration has shut down some computer servers and work stations to address a cyber attack discovered last weekend, officials said.
On Wednesday morning, county Administrative Services Division Head David Parsnik said the clean-up process may take several days to complete.
By the afternoon, the administration sent workers an email indicating the servers may be shut down until Monday to “properly remediate any damage caused by the recent virus introduced into our system.”
Among the computer shutdown impacts observed by a reporter Wednesday afternoon:
• The computerized property assessment records system was down in the assessor’s office.
• While real estate deeds were accepted and time-stamped by office workers, they couldn’t be entered into the computer system for viewing by the public, including title searchers. A “service down” message was on the Landex Remote deed access system Wednesday.
• As of Wednesday afternoon, no county civil court filings appeared in the computerized prothonotary docket for Tuesday or Wednesday.
• Fewer computers were operational in the county clerk of courts office.
County Court Administrator Michael Shucosky said court branch employees had to manually process jury paperwork for a trial and were making other adjustments.
“Court employees are working very hard to minimize disruptions, but in a world where we’re dependent on computers, it will take a huge effort by staffers,” Shucosky said.
What happened
According to Parsnik:
The unknown attackers likely got into the system through an email attachment unknowingly opened by a worker.
County computer network monitoring systems started issuing warnings about unusual virus activity on Saturday afternoon, prompting the administration to shut down impacted systems to prevent it from spreading.
The attack appears to have been limited to county courthouse servers.
The county 911 department and emergency management agency have a different isolated server. The county’s May 21 election results also were kept on a standalone network that was not impacted.
There’s no evidence at this time that the attack originated from another country, and it is not a situation where the county has been locked out of its computer systems pending payment of a ransom.
Information technology workers do not believe any confidential information was taken, although some files may have been corrupted.
As a result, the information technology department shut down any server that may have been attacked as a precaution. Each server will be scanned to determine if any viruses are present and then rebuilt to erase any viral effects. Every computer station also must be checked.
Parsnik said the virus may have entered the system some time ago, designed to remain dormant until a time when it may be activated with less chance of being detected — such as the weekend before Memorial Day.
County departments had implemented emergency operation plans on how to conduct businesses without interruption during such situations, Parsnik said.
“There will be some disruptions while we clean this up, but for the most part, there will be no disruption to daily services,” Parsnik said.
Prevention efforts
Many malicious attacks are blocked by firewalls and detected by warning systems, but all it takes for infiltration is one corrupt email attachment, Parsnik said.
Due to concerns about cyber threats, the county last year started flagging all incoming emails from non-county senders with a notice reminding staff not to open attachments or click links unless they are sure it is safe.
The county also added a new $26,000-a-year advanced threat protection program in last year’s Microsoft Corp. contract renewal.
County Information Technology Director Mauro DiMauro had informed county council that coverage was needed due to more attacks attempting to access confidential data or disrupt operations.
“The cybersecurity community has been reporting a steady increase in the level of sophistication employed by cybercriminals,” DiMauro said last year. “Over the last year or so, attacks have become more targeted and include more familiar details to fool victims into thinking an email or web popup is legitimate.”