Butler County sheriff’s cyber breach bill: $180,000

The Butler County Sheriff’s Office cyber attack late in 2020 cost nearly $180,000 to fix, and insurance covered a significant piece.

Last December, a malware attack disrupted the Computer Aided Dispatch (CAD) system and other parts of the sheriff’s department operations. BCSO Finance Director Vickie Barger told the Journal-News the total cost for equipment, repairs and overtime was $179,416, and the county’s insurance company paid nearly $70,000.

Chief Deputy Anthony Dwyer at the time described the extent of what they needed to do to make sure no other malware was lurking.

“We went into ultra-safe mode. We basically disconnected everything and went back to redo our complete system,” Dwyer said. “Whenever you get malware there’s always a chance of it re-infecting something. So we were ultra cautious, we took everything offline and the technical services guys touched every computer in the agency and every computer that touched our system, to wipe them clean.”

The breach mainly impacted the CAD system, which meant dispatchers and the crews they were sending to emergencies had to resort to pulling out maps and pens and paper to get the job done and reports generated.

The sheriff’s systems are separate from the rest of the county so other offices were not infiltrated. Dwyer said they hired a security consultant to sort out the mess. He told the Journal-News things are back to normal now and “our security measures have been ramped up and I feel pretty good about where we’re going.”

“We’ve pretty much run that gamut and we were able to recover all of our data, almost in the entirety. There’s a small, small amount that was lost. We’ve been able to work through all the safeguards we’ve put in place,” Dwyer said. “But by no means feel the threats aren’t still out there. You’ve got people trying to hack government sites everyday.”

Commissioner Don Dixon said Butler County’s cost to rectify the malware attack is miniscule compared to the $5 million the Colonial Pipeline paid to hackers in order to reopen 5,500 miles of pipeline.

“It’s a cost that goes on the bottom line and we have to deal with it,” Dixon said. “But it’s everyday an occurring problem, people trying to hack into the systems and get the codes and then try to hold you hostage for that information. It’s a sign of the times, what do you call it progress, I guess it is.”

Dwyer said hackers could not have held them hostage in this instance because the problem was detected almost immediately and only a “miniscule” amount of data was lost..

“If you need that data and you don’t have the keys to open it back up and you don’t have good recoverable back-ups is when you’re really in trouble, cause the only way to get your data back is to pay them,” Dwyer said. “We were fortunate enough to have good, timely back-ups so we only missed a small amount (of data) in real time when they actually realized there was a problem and they shut the system down.”

Nearby Clark County suffered a malware attack just last week, hampering operations in several departments. Their system was breached and all servers except the 911 system were shut down, according to our news partner the Springfield News Sun.

The breach disrupted several county operations like records searching through the clerk of courts, online utility payments and other services. Officials would not say specifically which offices were impacted due to security concerns. As of Wednesday the network was still not fully functional but the Courtview records system had been restored.

About the Author