PALMER — The effects of a summer cyberattack linger in Mat-Su.
Vicious malware crippled more than 600 Matanuska-Susitna Borough computers and multiple servers in July, kicking employees off email and forcing workers at heavily trafficked departments like the landfill and animal shelter to scribble notes on paper. It was months before some systems were back online.
Now, in a new vestige of the attack, borough officials sent out a letter to employees recently: Their personal information may have been compromised if they used borough computers to do private business like banking or paying credit cards.
“I’m not aware of any specific employee that’s actually been compromised,” Dan Monarch, operations manager for the borough’s IT department, said Wednesday. “We just know the malware used has the potential to compromise.”
The letter, signed by Borough Manager John Moosey, tells employees the borough is notifying every employee and anyone who used borough computers between late April and late July “out of an abundance of caution.”
Along with recommending computer users change log-in credentials for accounts at risk, the borough is providing three years of free credit monitoring, according to the letter. The borough isn’t aware of any threat since the software deployed to steal credentials was removed in the extensive systems rebuild following the cyberattack.
The total cost of responding to the attack so far to the borough: more than $2 million.
The malware also came with a $400,000 ransom request, Moosey said in an interview Wednesday. The manager quickly rejected that option after a 10-minute conversation with the insurance company that covers cyberattack costs.
“There was just no way,” he said, adding that the borough couldn’t trust the hackers would keep their promise to return data once they’re in the system. “For a public entity, at least the Mat-Su Borough, it really was nothing but wrong.”
The city of Valdez, however, opted to pay a smaller ransom to retain potentially hacked data, officials there say. A virus there infected 27 servers and 170 computers.
Through a third-party firm the city hired, the attackers demanded four bitcoin, digital currency equal to $26,623.97 at the time, in exchange for an electronic decryption tool, according to a mid-November update.
City manager Elke Doom said in the update that the terms of negotiation required "demonstration of successful decryption of multiple City documents and verification the decryption key would not reinfect our system.” Over a period of several weeks, IT personnel used the tool to decrypt all city data infected by the ransomware.
To date, there is no evidence to suggest any information was taken, officials say.
Full restoration of the Valdez computer system isn’t expected to be complete, however, until early next year.
The FBI looked into both cyberattacks, which occurred within days of each other but involved different malware. A spokeswoman for the FBI said there were no updates to the investigations this week.