Six months after the massive cyber attack on Wyandotte County, taxpayers know little about it – including the cost
Six months after a devastating ransomware attack on Wyandotte County computers was belatedly acknowledged, the public still knows precious little about it. Yet, one source says taxpayers will have to foot the bill for millions in repairs.
It’s unclear who perpetrated the attack; how much the hackers demanded; whether any money was paid to them; whether anyone has been arrested, or if criminal charges are pending; or if any Unified Government employees were disciplined for the lapse in security or the lag time in reporting it.
In short, UG officials have said almost nothing to the public about the massive attack even half a year later.
Sources told The Heartlander early on that it was, indeed, a ransom attack and that its digital trail led to somewhere in the Russia-Ukraine war zone. Initially, officials said in April that the attack went undetected for two days and unreported to authorities for a third. But sources later told The Heartlander that Wyandotte County IT officials had been warned months prior that there was malware in their databases.
A confidential source with knowledge of the investigation told The Heartlander Tuesday that the attack may have occurred nearly a year ago, over the Veterans Day holiday.
In addition, The Heartlander learned that, months before the cyber attack, the Unified Government of Wyandotte County/Kansas City, Kansas had approved a new position of cyber security analyst – but it was never filled due to the administration’s hiring freeze.
County computers are mostly functional now, although The Heartlander is told that public access to court information is still limited and completely unavailable for property tax valuations.
And while some officials have left the UG since the attack – including two in the IT department – The Heartlander is not aware of any employees who have been disciplined for the breach of security – or the time it took to respond to it.
If an IT official at any private business had so sluggishly presided over this serious of a cyber security breach into both hardware and software, the source says, “he would have been fired immediately. I mean, you have a lot of issues here. We have data issues, we have privacy issues, we have public tax issues, money issues. And not only [was an IT official] not fired, they just said, ‘Well, come on back in and keep working.’
“No other organization would’ve done that.”
Indeed, the malware is actually said to have infected a server late last year that the Unified Government shares with the Board of Public Utilities. A confidential source told The Heartlander that BPU technology officials took steps to halt the attack on their end, but for some reason the Unified Government did not.
Ransom reportedly wasn’t paid. But despite a paucity of information coming from the Unified Government, taxpayers will be on the hook for $10-20 million – and perhaps more – in repair and replacement costs for hardware, software and more, the source tells us.
Full recovery from the attack may not be possible for years and years, the source said.
Why isn’t the UG giving the public more information? It might be because of ongoing investigations. But, our source said, if the perpetrators are foreign adversaries as they’re thought to be, “they’re not people that are going to be, you know, coming to Disney World. So, picking them up in Russia at this point is probably going to be impossible.”
More likely, the source said, UG officials are simply embarrassed and sticking their heads in the sand – or are still picking up the pieces and don’t know quite what to say.
“You have a system that’s up and operating, and yet it’s not fully got all the pieces put together. So, how do you talk about that in public and then manage it?” the source said.
Asked what the public should conclude from the attack and the subsequent lack of information, the source cited an incompetently run government.
“Well, when you hire incompetent people to manage your government – from the administrator down to the IT functionality, all the supervisors – you’re going to have problems,” the source said.
“The reason that we have a poverty index that’s going up is not because people don’t want to do better. It’s because you have a system of government that strangles the economy and defeats all purpose. And we have to change that. We have to have new top leadership on all levels.”