The Union County Treasurer's Office is back up and running after a cyberattack forced county officials to halt use of some technology earlier this month.
Apprentice Information Systems, Inc., a technology company based in Rogers that provides software packages designed for local government offices, was targeted in a cyber-attack the weekend before the midterm elections, said Jody Cunningham, administrative assistant to the county judge and incoming county treasurer.
The Treasurer's Office came back online on Nov. 21, Cunningham said.
"They got our software back up and running the afternoon of November 21. We are in the process of entering those two weeks worth of work into the system now," she said on Tuesday.
Scott Hollis, the county's information services manager, told Justices of the Peace on Nov. 17 that the security breach, which impacted 54 Arkansas counties, was under federal investigation.
"We had a Zoom call with the State of Arkansas, Department of Information Systems and about 140 different other people around the state and they gave us some information -- not a lot, because there's an ongoing investigation right now. Both Homeland Security and the Cybersecurity Task Force with the National Guard are involved in that," he said.
Hollis said Apprentice workers noticed "suspicious activity" the Saturday before the election, Nov. 5.
"Their technicians went into the office and saw that somebody was attacking the systems, had encrypted their servers and was slowly working their way out to the different county servers that AIS had access to," he said. "So they shut everything down and attempted to shut down, remotely, the servers and they didn't have access to them."
From there, the company began reaching out to counties that utilize AIS software, to direct them to shut down any computers with the software. Cunningham said earlier this month that she was contacted around 9 p.m. on Sunday, Nov. 9, and asked to turn off and unplug the AIS server in the Treasurer's Office.
Hollis said Cerberus Sentinel, a cybersecurity company AIS works with, identified a foreign hacking group as being responsible for the attack.
"They identified the group that did this as a Russian-Ukrainian group called BlackCat," Hollis said. "They didn't mention any money, anything about actual money being transferred... There was a question of whether it was a ransomware attack, if BlackCat asked for ransom, but they wouldn't say about that, so I figure that's an ongoing investigation, they're not going to talk about it until they know more.
"More than likely, they're not going to pay any kind of ransom. That kind of thing – people have stopped paying ransoms because there's no guarantee that they'll actually unencrypt your data. Once they have your money – they don't have to do anything, they can just move on, and people have started realizing that," he continued.
In September, Reuters reported that the BlackCat group, since November 2021, was responsible for up to 136 cyber-attacks on companies in the U.S. and Europe. Recovery from their attacks can cost up to $1.85 million, the outlet reported.
AIS had the data stored on its servers backed up, Hollis said, and the company was working to "rebuild the data" that was corrupted or encrypted in the attack.
"There shouldn't be any loss of data," he said. "On our said, our backups... I believe our systems in the building were not affected. The three work stations in the Treasurer's Office (with AIS software), I ran multiple scans on them; all the work stations come out clean."
District 6 JP Cecil Polk asked if there was a way to pinpoint where the attack came from and how it was able to happen, and Hollis said the investigation into the incident would likely provide any answers that can be uncovered.
District 3 JP Greg Harrison asked whether there were any security measures the county could put in place to prevent future attacks. Hollis said he had looked in to cybersecurity services, including one package from a company called Arctic Wolf that would provide 24/7 surveillance for $33,000 a year.
"If there was any suspicious activity, they would either mitigate it, call me in, call the affected office in or something -- bring us in -- and then help mitigate it from the inside out. It would also help us get rid of it," Hollis said. "It's kind of like a (home) security system, but it's a little more involved than just putting a perimeter, like a door sensor, on your house. It's more like the monitored system, but there's also a guard outside that can come in and help you."
Polk questioned whether such a service would be worth the money since its unknown how often cyberattacks might happen and suggested researching whether the county would be eligible for any insurance endorsements if it did engage cybersecurity services. District 7 JP Johnny Burson also asked whether a service like the one Hollis described would protect all the county's technology, and Hollis said it would only cover the courthouse, leaving out the Union County Sheriff's Office and a few others that operate outside of the courthouse.
"The state of Arkansas was in talks about a cybersecurity grant, so in the next month or so, there may be more information in on that. It's possible that the grant could help us pay some or maybe all of it, depending on the grant. There's also a cybersecurity grant, I believe, from the federal government," Hollis noted.
Cunningham said the Treasurer's Office will hopefully be caught up with its backlog by the end of the week.