Linn County Communications Officer
Linn County Commissioners Roger Nyquist, Sherrie Sprenger and Will Tucker gave the county’s Information Technology (IT) staff a standing ovation Tuesday morning, thanking them for their handling of a ransomware incident the morning of Jan. 24.
IT Director Steve Braaten introduced his staff of 14, working out of the courthouse and the Health Department: Karen Guilford, Kathy Wynhausen, Vicki Slover, Mark Newman, Christina Low, Steve Pederson, Mike Armstrong, Carl Cole, Lily Daudert, Jack Wagner, Rob Hooper, Josh Fewless and Tim Maerz.
“All of you did a great job,” Chairman Nyquist said. “We appreciate your work day in and day out, but we don’t thank you enough. You only get called when someone has a problem.”
Nyquist said the IT Department’s swift handling of the incident resulted in the county not paying a ransom to regain computer services as has happened in many other public and private situations.
Commissioner Tucker praised the staff for working “long days, all hands on deck. You had an overwhelming response. Some counties have been down for weeks.”
Tucker added that the IT Department’s efforts “made our lives much easier. What a blessing you have been.”
Commissioner Sprenger said her husband is known as the “sound guy” in their circle of friends and he has often said the only time people recognize “sound guys” is when something goes wrong.
She noted the same is true for the IT folks.
“This is a big win to celebrate,” Sprenger said. “Not much data was lost or compromised and many records were not lost. Down time was very brief.”
The incident came to light early on Jan. 24 when a Linn County employee turned on his computer and saw that it was being encrypted. He immediately notified Braaten. Another IT employee also received a text message from someone at the Sheriff’s Office noting that an administrative log-in appeared to be compromised.
Staff was in the courthouse within the hour and by the end of the day, Monday, the county had agreements in place with a company in Virginia that specializes in ransomware response.
This company had staff in the courthouse early Tuesday morning.
Braaten said that by Wednesday, several of the county’s critical servers and workstations were back up and running, although work continued extensively over the next week. Braaten said outside of the meeting that backup systems put in place by Karen Guilford was a significant factor in how little data was lost.
IT staff worked 12 to 14 hours per day, including weekends, Braaten said.
“We are constantly getting hit by people trying to get into the county’s systems,” Braaten said. “Thousands of times per day external threats are attempted against the county. Prevention is ever-changing as new attacks are developed daily. As a result, we need to be correct 100% of the time”.
Braaten said the county has installed malicious code execution software on all county servers and computers and is taking numerous other steps in terms of hardware and software to block potential data attacks in the future.