Durham city, county preparation prevented data breach when hack happened
Posted March 9, 2020 12:34 p.m. EDT
Updated March 9, 2020 6:03 p.m. EDT
Durham, N.C. — It appears that employees of Durham's city and county governments separately clicked on links in an email, allowing a known malware virus access to those government networks.
"These viruses are just rattling doorknobs," Durham Mayor Steve Schewel said. He joined the city and county managers and leaders of city and county information technology departments Monday in describing the cyberattack and response by their offices.
Together, the leaders praised the preparation, training and backup systems put in place that allowed for a quick response.
City Manager Thomas Bonfield said his staff had assured him that an investigation detected no breach of personally identifiable information. "We have no indication any data was stolen or tampered with," Durham County Chief Information Officer Greg Marrow said.
Protective systems detected the malware Friday night and alerted IT staff, who responded by taking networks and phone systems offline to contain the damage.
Some of those systems, including access to 911, were restored quickly or were operating on backups. A full restoration of the 2,000 or so city and county computers to their respective networks could take most of the week.
Marrow said the county planned to re-image 1,000 computers and rebuild 100 servers in their data center.
Visitors to City Hall found a message on the door Monday that said, "We are currently unable to access any of our systems."
Web access to the City of Durham and Durham County government was working, and residents could use online services to securely pay bills and request services.
Kerry Goode, chief information officer for the City of Durham, said he expected "core business systems," such as those that manage payroll, to be back online by Monday night.
He described a three-step process in which IT staff would review each computer and other device before re-connecting it to the city network.
"Ransomware cannot consume our backups," he said. Schewel noted that the city backs up data every two hours.
In press releases and in responses to media questions Monday, the Durham leaders referred to "malware" and to "ransomware," but no ransom demand was received.