Luzerne County is calling in an outside vendor to help assess the extent of damage caused by a cyber attack that has prompted the administration to shut down some computer work stations and servers, county Administrative Services Division Head David Parsnik said Thursday afternoon.
The shutdown was necessary to prevent the spread of the virus, which was detected by the county’s network monitoring systems last Saturday afternoon, Parsnik has said.
Cut off from computers, workers in many county offices have been unable to access data or upload documents and information handled by their offices, including property assessment records, deeds and civil court filings. Computerized prison records also have been inaccessible during the shutdown, Parsnik said.
Parsnik said the outside vendor — Florida-based cyber security and digital data forensics firm Sylint Group, Inc. — will work with Microsoft Corp. to perform a full assessment known as a remediation and provide a prognosis report on what remains infected and must be fixed.
However, the results are not expected until Sunday morning because it takes 48 to 72 hours to complete this type of analysis, he said.
Sylint was recommended by the County Commissioners Association of Pennsylvania, Parsnik said. The cost has not been finalized, although Parsnik said the county has no choice because the attack is an emergency situation.
Instead of doing nothing while waiting for the prognosis report, the county information technology department has started building a new computer network, anticipating the report may indicate that action is partially or fully necessary, he said.
“We don’t want to waste time. If we don’t start rebuilding the network, we will be several days behind,” Parsnik said.
In the interim, the administration plans to set up a few new temporary computer work stations in each office that are not linked to the compromised network and will allow workers to access data needed to perform services through a server deemed clean, he said.
County Manager C. David Pedri stressed Thursday that county government is still open for business. Departments are following contingency plans designed to keep services operational during emergencies and unforeseen disruptions, he said.
The attack appears to have been limited to the county courthouse network, Parsnik said.
The county 911 department system and May 21 primary election results are kept on segregated servers and were not impacted, he said.
The computer server for Children and Youth and other human services offices does not appear to be infected, but it also was shut down to ensure the virus couldn’t reach it, he said.
Employees were notified Thursday that the servers may be down until Monday. Parsnik said the outside assessment will determine if additional time is needed to achieve full restoration.
The unknown attackers likely got into the system through an email attachment unknowingly opened by a worker, Parsnik has said.
There’s no evidence at this time that the attack originated from another country or that data was stolen, and it is not a situation where the county has been locked out of its computer systems pending payment of a bitcoin ransom, he said.
Due to concerns about cyber threats, the county last year started flagging all incoming emails from non-county senders with a notice reminding staff not to open attachments or click links unless they are sure it is safe. The county also added a new $26,000-a-year advanced threat protection program in last year’s Microsoft Corp. contract renewal.