PHILADELPHIA (KYW Newsradio) — After paying a hefty ransom for a recent cyberattack, Delaware County is working with an outside firm to protect its information systems from future intrusive events.
County Executive Director Howard Lazarus and Chief Information Officer Frank Bilotta publicly released a memorandum addressed to councilmembers. It details a cyberattack on its information systems, somewhere between Sept. 10 and Nov. 21.
According to the memo, the initial attack was a result of phishing. An employee received an email with malware and downloaded its contents, which allowed the cyberattackers to capture credentials and infiltrate the system.
The county paid a $25,000 ransom. The cyberattacker then provided the decryption tool necessary to unlock the county systems, a list of exfiltrated files, and a general description of how the attack commenced.
The county’s IT staffers are working with a cybersecurity firm on a number of issues, including rebuilding clean versions of the server’s infrastructure, updating old systems, and applying security patches. The team is also assessing if personal information was compromised.