'This is not somebody in his mother's basement': Massive cyberattack prompts Mat-Su disaster declaration
On Tuesday, officials with the Matanuska-Susitna Borough officially declared a disaster, owing to a cyberattack they referred to as "the worst of its type in the nation."
The attack, which took over the Borough's systems and brought down lead servers, phone systems, and individual employee computers, is a multi-faceted threat that acts in different ways.
The attacks, known world-wide for their severity and sophistication, compromised the Borough's computer infrastructure. Assembly Member Ted Leonard called it a "terrorist attack."
"This is not somebody in his mother's basement," said Borough IT Director Eric Wyatt. "This is ... definitely an organization that wants to cause chaos within our country."
In a meeting Tuesday, the decision was made to officially declare the attack a disaster for the Borough, based on the magnitude and severity of the attack, which is expected to cost the Borough hundreds of thousands of dollars to recover from.
"We declared a state of emergency primarily because the dollar amount of the damage is going to be greater than a threshold," said Wyatt, who also estimated the costs to be somewhere near but less than $750,000.
Wyatt added that it generally costs organizations of the same size and type as Mat-Su $1 million to recover from the attack, though the Borough's current estimate is less than that.
Following the official disaster declaration, the Borough could be eligible for funds from FEMA to assist with costs related to the disaster, including disruption to Borough services and loss of productivity (many employees were without email and computer usage, delivering type-written memos by hand, and
), as well as overtime being paid to IT staff, who are working around the clock to fix the damage done and bring the systems back up.
All told, Wyatt said, several different known attacks were identified, including the virus Emotet, a system-crippling agent; a ransomware called BitPaymer; and malware called Dridex.
Wyatt referenced these at Tuesday's meeting as the main damage-dealers and the "worst of its type." He said the group using these to attack the Borough is well-organized and well-funded.
"We're much safer, but we're never completely safe," he said. "There's always the possibility there is something else hanging out there."
Included in the aftermath of the attack was a single file left behind, an executable file with a number attached to it. Wyatt called this a "victim number."
"Our victim number is 210 for this virus," Wyatt said, "meaning that 209 others are victims before us. In Alaska, so far Valdez also has the virus."
In the wake of the attack, Borough IT staff have been working to bring email servers and computers back up. So far, Wyatt said, some email service has been restored but is limited, with full functionality expected within the week.
For the actual computers, the department is wiping and restoring hardware before it is connected to the network again.
"We have collected all the desktop computers in the borough, over 500, and they are all being scrubbed and re-imaged," Wyatt said.
Some of those computers, however, were still not ready for use even after being reformatted, and were scrubbed again. "We started to deploy, but found that the image that we were deploying needed to be pulled back," Wyatt said.
The restoration process is expected to continue, and officials hope the disaster relief funding will help mitigate the previously estimated damage. However, the attack acts as a wake-up call, Wyatt said, about what our generation of cyber warfare will look like, calling it a "new reality."
"This is our new reality. These kinds of attacks become more and more prevalent, become more and more vicious. Every time we find a way to stop attacks like this, the attackers find more insidious ways to attack us," Wyatt said.