LAWRENCE COUNTY, Tenn. (WKRN) — In 2020, the Lawrence County 911 center was hit by a malicious ransomware attack. What happened? And how did the 911 team handle the cyber emergency? Andy Cordan went back to Lawrenceburg to talk with people who battled the threat head-on.
The ransomware attack happened in the spring of 2020 and it began with very alarming notices on workplace computers at the 911 center.
Marty Crum is the operations manager for the Lawrence County Emergency Communications Center. “Now I’m getting really sick and thinking ‘OK, we are under attack. We are about to lose everything.’”
Sunday night, April 26, 2020, at 5:57 p.m., Crum gets a warning that someone has logged into a dispatch center workstation using a remote desktop that Crum said never happens. “I was a little nervous because this has never happened before,” recalled Crum.
He rushes to the 911 center and his worst fear is realized…someone has launched a ransomware attack against the center. “And that’s when I knew we were under attack.”
Crum takes a picture of what his terminal looks like in those first moments, several files have been padlocked and there’s an encrypted message from an overseas contact named Mister Dec. who explains how to unlock the files. “Files have been encrypted. It gave us a specific code and gave instructions on what we needed to do,” remembered Crum, who never made contact.
Instead, he immediately powered down all workstations and servers to minimize the spread of the attack. Crum also notifies both the Tennessee Bureau of Investigation and the Federal Bureau of Investigation.
Fortunately, the cyberattack did not affect radios or telephone communications but the breach did adversely affect the computer-aided dispatch system known as CAD, which records all activity on an emergency call, electronically.
Because of the breach, dispatchers had to do it by hand.
The CAD system also quickly accesses criminal histories and license plate information for officers in the field. This had to be done by phone with the help of neighboring county dispatch centers who are happy to help but also have their own workloads to contend with
“So an officer might call into you, you’d have to call Giles County, they’d have to look it up and call you back and you’d have to call them out there?” asked Andy Cordan.
“That is probably the slowest way they could give it to us, on the phone, depends how busy they were. We were thrown back into the 19th century, but it was mostly on our end, stuff the public would not be exposed to. our response times never suffered from it,” explained Crum.
Over the next five days, Lawrence County rebuilt its system and was back online on May 1, 2020.
In the end, nine of 12 devices are compromised and Crum said the system was built better with more safeguards than before.
“Because it was shut down as quickly as it was, they didn’t steal any data. The FBI confirmed that with us, no data was extracted,” said Crum. “But I can’t tell you how sickening it feels.”
Vulnerability and dangers continue to threaten home computers and phones everywhere. See what you need to do to stay safe from ransomware attacks in our Special Reports ‘Cyberattacks Hitting Home’ all day Tuesday on WKRN News 2 in every newscast and on WKRN.com.
While no ransom was paid, the cost of rebuilding the system cost $20,000. Insurance paid for this at no cost to the citizens. According to Crum, the FBI is still looking into who infected the dispatch center 18 months ago.