Linn County Commissioners Roger Nyquist, Sherrie Sprenger and Will Tucker gave the county’s Information Technology (IT) department a standing ovation Tuesday, March 15, commending its response to a Jan. 24 ransomware attack.
IT Director Steve Braaten introduced his staff of 14, working out of the courthouse and the Health Department: Karen Guilford, Kathy Wynhausen, Vicki Slover, Mark Newman, Christina Low, Steve Pederson, Mike Armstrong, Carl Cole, Lily Daudert, Jack Wagner, Rob Hooper, Josh Fewless and Tim Maerz.
“All of you did a great job,” Nyquist said. “We appreciate your work day in and day out, but we don’t thank you enough. You only get called when someone has a problem.”
He added that the division’s promptness prevented the county from paying a ransom to regain computer services, as has happened in many public and private scenarios.
Tucker praised the staff for working “long days, all hands on deck. You had an overwhelming response. Some counties have been down for weeks.” Its efforts, he continued, “made our lives much easier. What a blessing you have been.”
Sprenger described her husband, Kyle, as their circle of friends’ “sound guy,” who has often commented that people only recognize “sound guys” when something goes wrong. The same, she noted, was true for IT.
“This is a big win to celebrate,” she said. “Not much data was lost or compromised and many records were not lost. Down time was very brief.”
The incident came to light early Monday, January 24, when a Linn County employee activated his computer and saw that it was being encrypted. He immediately notified Braaten. Another IT member received a text message from someone at the Sheriff’s Office noting that an administrative log-in appeared to be compromised.
Staff reported to the courthouse within the hour. By the end of the day, the county had agreements in place with a Virginia company specializing in ransomware response. It had staff in the courthouse early the following morning.
By that Wednesday, Braaten recalled, several of the county’s critical servers and workstations were back up and running, although work continued over the next week. He commended Karen Guildford’s backup systems, which significantly reduced the amount of lost data. IT staff worked 12 to 14 hours per day, including weekends.
“We are constantly getting hit by people trying to get into the county’s systems,” he said. “Thousands of times per day external threats are attempted against the county. Prevention is ever-changing as new attacks are developed daily. As a result, we need to be correct 100% of the time.”
Braaten said the county has installed malicious code execution software on its servers and computers and is taking numerous other steps in terms of hardware and software to block future attacks.
– Alex Paul, Linn County Communications Office