Ransomware attack responsible for La Salle County technology issues

State and federal authorities are assisting the county


La Salle County officials said Wednesday a ransomware demand was responsible for its ongoing technology issues.

At about 2:30 a.m. Sunday, the IT department was informed the network was infected with a ransomware demand, according to a press release issued by the county's IT department.

This type of ransomware is malicious software designed to block access to a computer system until a ransom is paid. There is no evidence any county data has been compromised other than the ability to access it on local machines, according to the press release.

La Salle County IT staff have been working overtime in an attempt to restore the county's computer network, including working with law enforcement authorities, the FBI, the Department of Homeland Security and the Illinois Department of Innovation and Technology.

The variant of ransomware that affected the computer network was released four days prior to the attack on the county’s network. Since it was a new variant, the protections the county uses were rendered ineffective.

Three days into the attack, the county has moved from investigation mode, gathering forensics and collecting data, to recovery mode.

“The county regularly backs up all data to an off-site location,” said John Haag, director of the county's IT department, in a press statement. “Our vendor is on site and is in the process of restoring all of our data.”

La Salle County has no plans to pay the ransom. It has been the experience of others that have had ransomware attacks that they don’t get all of their data back even if they pay it, according to the press release.

At the current time, county email still is not functioning. A temporary email account has been established to receive Freedom of Information Act requests at lasallecountyfoia@gmail.com

The ransomware that hit the county network affected only the systems that were connected to the internet. Early voting is under way and the tabulators that are used for that function are not connected to the internet and have not been affected.