Ransomware Attack Forces Alaskan Town To Use Typewriters For A Week


Officials from Matanuska-Susitna (Mat-Su), part of the Anchorage Metropolitan Statistical Area in Alaska, said that they were experiencing ransomware infection.

The ransomware, dubbed the BitPaymer Ransomware, crippled the Borough's government networks, and forced its IT staff to shut down a large portion of the infected systems.

As a result, many of the people in the area had to use typewriters, as Mat-Su cleaned and rebuilt the compromised 650 PCs and servers.

"Last Tuesday, July 24, the Borough first disconnected servers from each other, then disconnected the Borough itself from the Internet, phones, and email, as it recognized it was under cyberattack," said Mat-Su Public Affairs Director Patty Sullivan.

"Since then, infrastructure is steadily being rebuilt, computers cleaned and returned, and email, phones, and Internet connection becoming restored."

Gary Koskela
Gary Koskela from Mat-Su Borough, uses a typewriter to work. Several areas of the Borough were resorting to old-fashioned techniques to stop the virus from spreading

The attacked infrastructure included everything from computer systems to telephones, servers and email exchanges. A similar attack was launched against the city of Valdez in Alaska.

Systems that weren't affected, include payment card data and Mat-Su's official website.

"Without computers and files, Borough employees acted resourcefully," said Sullivan. "They re-enlisted typewriters from closets, and wrote by hand receipts and lists of library book patrons and landfill fees at some of the 73 different buildings."

Employees were left with no other choice but to use hand receipts.

The Mat-Su experienced, was "multi-pronged, multi-vectored attack"

Working with the FBI, Mat-Su IT Director Eric Wyatt isolated and identified the "virus" and gathered information to help the federal agents.

Wyatt called the virus as "not a single virus but multiple aspects of viruses together including trojan horse, Cryptolocker, time bomb, and dead man’s switch." Wyatt also explained that the "virus" searched and tried (but failed) to corrupt the Borough's backups.

"This is a very insidious, very well-organized attack," said Wyatt. "It's not a kid in his mom’s basement."

Later, Wyatt finally identified the virus as the BitPaymer, a ransomware strain first spotted in July 2017, and made news headlines in August 2017 when it attacked some hospitals in Scotland. As for Mat-Su, the virus appeared to have been lying dormant/undiscovered since as early as May 3rd, according to Wyatt.

The attack was initiated when the cryptolocker feature of the malware began the encryption process, and all the computers connected the network got encrypted.