Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Indiana County Disabled by Malware Attack

LaPorte County, Indiana, reported Sunday that it had been affected by a malware attack. County Commission President Dr. Vidya Kora announced that county employees and the public needing to access any county government email or website would be unable to do so because of a “malicious malware attack that occurred on Saturday morning, July 6, 2019, that has disabled our computer and email systems.”

LaPorte County, Indiana, reported Sunday that it had been affected by a malware attack. County Commission President Dr. Vidya Kora announced that county employees and the public needing to access any county government email or website would be unable to do so because of a “malicious malware attack that occurred on Saturday morning, July 6, 2019, that has disabled our computer and email systems.”

A press statement issued July 7 explains that the IT department discovered the malware and shut down systems on Saturday afternoon. “Unfortunately, at least half our servers have been infected and it will take some time to fully restore service.”

The statement says nothing about the malware itself. It notes that the county has cyber insurance, and that Travelers Insurance “immediately referred us to the Wayne, PA, incident-response law firm of Mullen Coughlin LLC that specializes in responses to such cyber-attacks and coordinates system repairs and protection of our computers from further such virus infections.”

Mullen Coughlin LLC describes itself as “uniquely dedicated exclusively to representing organizations facing data privacy events, information security incidents, and the need to address these risks before a crisis hits.” Its partners, however, have often given talks on ransomware and the response to ransomware.

Talk about system repair and the need for ‘some time to fully restore service’ points the finger at a ransomware attack. Without confirmation from LaPorte County this is just conjecture, but it fits with recent history. Within the last few weeks, Riviera Beach City in Florida agreed to pay a ransom of $600,000. It too had cyber insurance, and the payment was covered by the insurers.

What isn’t known in such circumstances is the extent of influence exerted by insurers over how the victim should respond. In the LaPorte incident they seem to have considerable influence. It was the insurer who specified the legal firm, and the legal firm who, says Kora, “will also assist us as we prepare documentation to report this attack to the FBI and other appropriate law enforcement agencies.”

There are concerns that as criminals learn that insurers are likely to pay the demand, they will simply increase the amount demanded. Certainly, the last 16 months have shown in increase in extortion targeting municipalities, and a dramatic rise in the ransom figure (from around $50,000 for the attack on the City of Atlanta in March 2018 to $600,000 for Riviera Beach City in June 2019).

Insurers consequently have an incentive to maintain a low-profile over their involvement in paying ransoms. This — and again it is just conjecture — could explain why LaPorte has said nothing about the nature of the attack. Had it been a medical facility, it would have been required to disclose the attack, even if it were a ransomware attack, under HIPAA.

The Indiana disclosure law is simply that Indiana businesses inform their customers about security breaches that have placed their personal information in jeopardy. Ransomware does not normally involve theft of personal data, so would not need to be disclosed.

Related: Georgia County Criticized Over $400K Ransomware Payment 

Related: Utah County Struck by Ransomware 

Related: Aluminum Giant Norsk Hydro Hit by Ransomware 

Related: Eurofins Scientific Paid Up in Response to Ransomware Attack 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.