Private information of some employees compromised in Georgetown Co. ransomware attack

GEORGETOWN COUNTY, S.C. (WCSC) - Almost five months after a ransomware attack, Georgetown County officials said Thursday their computer systems are mostly back up and running after a complete rebuild. However, the hack is still under investigation by the South Carolina Law Enforcement Division.

Public Information Officer Jackie Broach said most of the compromised information was already public record, but the social security numbers of about 50 employees inside one department were accessed. They had been stored on the computer that was initially infiltrated by the hackers. Broach said the county’s cyber insurance policy is paying for credit monitoring services for those employees whose private information was stolen. The hackers also obtained some of the county’s bank account information, but it was outdated and no longer in use.

The ransomware attack killed all of the county’s computer systems. Broach said all the county’s virtual operations were brought to a grinding halt when an employee opened an infected email on Jan. 22.

“It was a very sophisticated attempt to gain access to the county network, according to the cyber security experts we are working with. They described it as something most people would have mistaken for being a legitimate email,” a February press release stated.

Since then, Georgetown County has increased its security protocols with a more layered approach, but the local government still sees similar attempts to infiltrate its systems every day, Broach said.

The overall cost to the county came to about $10,000 to cover its cyber insurance deductible. Plus, county council voted soon after to approve a general fund increase of $140,000 to help pay for necessary network upgrades.

While most operations are functioning again, especially those that impact the public, the county’s IT department is still working to sort out some issues. Broach said one of those is a continued lack of internal Wifi.

So far, few details have been released by SLED about where the attack originated or who was behind it. Georgetown County officials opted to not pay the hackers’ ransom, fearing it would incentivize future attacks. Because of the ongoing investigation, Broach said she could not confirm how much the hackers were demanding, but she did say they wanted the ransom paid in the form of cryptocurrency.

For now, Georgetown County officials are working to monitor their systems and make sure this doesn’t happen again.

“We were just the ones that had the misfortunate of letting that link in that day,” Broach said. “We hope other agencies and governments can learn from what we’ve been through and that this doesn’t happen to anybody else.”