Share This Article
Baxter County officials are moving to fortify the county’s various servers following a series of hacking attempts that targeted the Baxter County Collector’s and Assessor’s Offices and the Baxter County Sheriff’s Office.
The attempted hacks were first discovered in November of last year, prompting Apprentice Information Systems (AIS), a Northwest Arkansas IT company that serves almost every county in Arkansas, to shut down its servers for the entire month of November. Both offices deployed their disaster plans following the attempted hack and shifted to paper records.
The Baxter County Sheriff’s Office, which uses a different IT company for its databases, was hit in June of this year, resulting in several of its databases being taken offline for over a week.
Baxter County Collector Teresa Smith said she was proud of her employees for quickly implementing her office’s disaster plan.
“I’m proud of them. We handled things the old fashioned way,” Smith said. “There are things that we’ve tweaked [in our plan] because we thought, well we can do this a little bit better, and they are now in place.”
While tight lipped on the situation due to the ongoing law enforcement investigation, county officials said county records within the collector’s and assessor’s office were unaffected. Several computers containing public records and working documents at the Sheriff’s Office were breached.
No ransom was paid to the hackers. The attempted November hack also had no effect on the county’s election results due to its election machines not being connected to the internet. The Federal Bureau of Investigation is currently conducting its investigation of the hacking attempt.
Both hacks are believed to have been conducted by the same overseas group.
In a joint county budget and economic development meeting held in July, Smith said the Baxter County Quorum Court should expect the attempted hacks to cost the county a significant amount of money as the county’s various IT specialists and services work to overhaul and fortify the county’s computer systems.
One Baxter County official said the potential costs prompted AIS to meet with officials in person before the news was delivered to members of the Baxter County Quorum Court.
“This is something that we’ve never had to really bring before you,” Smith said during the public July committee meeting to members of the Baxter County Quorum Court. “You’re going to probably be seeing some substantial increases in our line items next year when we go into next year’s budget. Just giving you a heads up.”
On the first weekend of November 2022, AIS shut down its servers after being notified by an IT worker in Miller County that there was suspicious activity on its servers.
The resulting shut down affected 55 out of Arkansas’s 75 counties, prompting many county offices to close on the following Monday. At the time, AIS announced that it was asking counties to turn off their servers to address “technological issues” on their end.
By November 9, AIS spokesman Dough Matayo began notifying the public that a possible security breach had occurred, stressing that the possible breach had no effect on Arkansas’s election process.
“Every county is kind of in their disaster protocol, which basically means their non-technology protocols for now in the interim, but Apprentice and the counties are in contact each day conducting assessments and updates,” Matayo said to reporters at the Arkansas Democrat Gazette.
A Baxter County official who spoke to the Observer on the matter said the county’s elected officials were concerned about the impact of the potential breach after they were notified.
Those concerns grew following Baxter County Sheriff John Montgomery’s announcement that the federal government had contacted his office to notify him that they had “detected transfers of data taking place between the Sheriff’s Office server and an overseas location.”
Following the notification, three separate IT firms were contacted by Montgomery to begin the process of isolating the server and removing any malicious viruses or malware that may have been deposited on the server by hackers.
BCSO also had new equipment installed following the breach. In his announcement, Montgomery stated that BCSO’s IT specialists believed that no data or records had been altered, modified or deleted by hackers. His announcement did note that “the possibility exists that they were able to obtain personal identifying information on Sheriff’s Office employees and potentially other persons.”
BCSO is currently offering its employees identity theft and credit monitoring as a precaution.
According to the Center for Internet and Society, local governments within the United States have seen a sharp uptick in successful cyberattacks within the last decade. These attacks have focused on targets ranging from 911 call centers to public school systems. The consequences of the attacks can often be devastating, with entire government systems becoming crippled for weeks and months on end, while costing taxpayers around the U.S. millions in damages and ransom fees.
Fifty-eight percent of local government organizations were hit by ransomware in 2021 alone. According to the White House, the global economic losses from ransomware reached over $400 million in 2020 and topped $81 million in the first quarter of 2021.
The annual “State of Ransomware in the U.S.” report by software company Emsisoft found 106 state or municipal governments were affected by ransomware last year, at least 27, or 25%, of those attacks involved data theft.
However, if the 55-county incident in Arkansas is disregarded, that increases to 53 percent. In 2021, data was stolen in 36 of 77 incidents (47 percent).
Quincy, MA., paid a demand of $500,000 and is the only local government known to have paid a ransom in 2022. The highest ransom to become public knowledge was the $5 million demanded from Wheat Ridge, CO.