DeKalb County government email, servers still plagued by Monday’s ransomware attack

SYCAMORE – DeKalb County government endured a third day without email server access, among other county technology woes, Wednesday because of a ransomware attack earlier this week, officials said.

DeKalb County Sheriff Andy Sullivan said Wednesday that there have been multiple sheriff’s dispatchers working out of the DeKalb Police Department because of the sheriff’s office’s system being corrupted in the ransomware attack on Monday. That’s how the county still is able to dispatch and answer 911 emergency calls, he said.

“They can dispatch all of our stuff because we share the [computer-aided dispatch] and radio system,” Sullivan said.

Sullivan said the DeKalb Police Department also is able to use the sheriff’s office’s dispatch system if something happened over there.

“We back each other up,” Sullivan said.

The county’s servers have been inaccessible with limited functionality “throughout county operations” since a Monday ransomware attack, according to county officials said in a Tuesday news release.

“It does not appear that any county files have been compromised,” county officials wrote.

Government agencies have been subjected to ransomware attacks both in Illinois and nationally in recent months. Earlier this spring, Illinois Attorney General Kwame Raoul’s office announced the state agency had been subjected to a ransomware attack. The Chicago Tribune reported in July that the attorney general’s office spent more than $2.5 million handling the crisis.

DeKalb County government offices were closed Monday because of the Columbus Day and Indigenous People’s Day holiday.

According to a Wednesday email from the online notification regarding Illinois Department of Corrections and DeKalb County Sheriff’s Office inmates, the system “is not currently receiving status information from this agency.” For current status information on offenders, victims can call the DeKalb County Sheriff’s Office at 815-895-4177.

Sullivan confirmed an investigation regarding the attack is ongoing with the sheriff’s office. He and DeKalb County Administrator Brian Gregory said county law enforcement officials are working with the FBI’s Chicago office.

“Any evidence … will be turned over to them to determine what exactly happened,” Sullivan said.

In the meantime, Sullivan said the county jail has been handling bookings manually and will update the electronic system once it’s back up and running like normal.

“We just do hand bookings like we used to do years ago, with pen and paper,” Sullivan said.

The county’s information management office continues to work to restore the servers using back-up data, officials wrote in the release.

“While significant progress has been made to restore the servers, email access is currently unavailable,” the release stated.

As of 4:25 p.m. Wednesday, the DeKalb County Health Department’s online COVID-19 data dashboard was updated for the first time since Friday.

County staff wrote in the Tuesday news release that they have “made arrangements to provide services within the current limitations.” Tasha Sims, executive assistant for the county’s administration office, said Tuesday the county’s WiFi internet is working, “so Zoom and all that work.”

DeKalb County State’s Attorney Rick Amato said court document access was available Wednesday after the Monday ransomware attack.

“Our IT staff is doing a great job of restoring the network,” Amato said. “A lot of the systems are back up, but they are working to get us fully back, which could take a while.”

County officials did not initially cite the source of the ransomware attack in the Tuesday news release. Gregory said late Wednesday morning the source “is unknown at this point.”

“It is an active investigation.”