Cyberattacks are becoming increasingly common — and they’re striking closer to home than ever before. In July 2024 alone, over 19 million people in the United States were impacted by 70 new data breaches impacting small businesses to major corporations alike. Now, the threat has landed on our doorstep with a recent attack just miles from Strategic Communications headquarters.
Hitting Close to Home
On July 22, 2024, a ransomware attack shut down every branch of the Jefferson County Clerk Offices, a county that is home to around 773,000 people and the city of Louisville. According to officials, the attack was discovered just days after resuming typical hours after offices were closed for two weeks to tackle a “significant backlog” caused by malfunctions in the KAVIS software, which is used by county clerk employees to process motor vehicle and boat transactions.
Executive Director for the Jefferson County Clerk’s Office David Summerfield stated in one interview that hackers made data recovery harder to do by deleting the most recent set of backups, along with turning off services that assisted in restoring corrupted systems and deleting or encrypting event logs that monitor and record computer activity.
The Impact
This second shutdown led to motor vehicle offices across the county being closed, creating undue hassle for residents who needed to renew car registrations, transfer titles, or update their addresses on their licenses.
Weeks later, the offices announced that sensitive data like personnel files, Social Security numbers, and election administration information were potentially leaked in the cyberattack. On August 12, RansomHub claimed responsibility for the cyberattack and data leak by publicly naming Jefferson County on the dark web, along with a list of files that the entity has claimed to have stolen. Sensitive data that is now being ransomed by these hackers include:
- Human resources documents
- Invoices
- Alarm system details
- Financial documents
- Budget documents
- Customer contracts
- Election administration data dating back to 2008
Their Solution
Cleaning up the aftermath from this ransomware attack is a multipronged approached. According to the clerk’s office, just under $100,000 of taxpayers’ dollars were spent to get systems back online and equipped with extra security.
Additionally, the clerk’s office has stated that leaked files are currently under review to identify individuals with leaked information; similar to other agencies that have fallen victim to malicious actors, letters will be sent to notify these citizens of their exposure in the data leak. Federal law mandates that private companies have 60 full days to notify individuals of data leaks, but Jefferson County Clerk Office internal policy only allows 35 days to identify and contact individuals.
Lessons Learned
While everyone thinks that they’re immune to situations such as this one, there are five key lessons that can be learned from the Jefferson County ransomware attack.
1. Prioritize cybersecurity as critical infrastructure
Digital security should be treated with the same importance as physical infrastructure. This ensures the continuity of essential public services should an incident occur.
2. Implement robust data protection measures
Sensitive information, along with historical data, should be safeguarded behind strong encryption, segmentation, and long-term security strategies to ensure citizen safety.
3. Develop comprehensive incident response plans
Plans for cyberattack scenarios should not only be in existence but should be regularly updated and communicated with your team. Points to cover include communication protocols, backup systems, and recovery procedures.
4. Maintain vigilance during system changes
During and after software updates or system changes, it is imperative that you increase security measures and monitoring as these periods can be particularly vulnerable to attack.
5. Conduct regular security audits and training
You’re only as strong as your weakest link — so mitigate human-error risks by frequently providing ongoing cybersecurity training for all employees along with performing security assessments to identify internal vulnerabilities.
Interested in better safeguarding your data?
Protect your data before it’s too late. Schedule a complimentary 30-minute security consultation with our experts to evaluate your organization’s ransomware readiness.
Share this Post