In a news release posted to the county's temporary website Sept. 1, local officials said the Governor's Office of Information Technology determined the cyberattack that affected most county departments was executed by BlackCat ransomware, also known as ALPHV. Actors affiliated with BlackCat often request multi-million-dollar ransom payments of cryptocurrency like Bitcoin or Monero to recover encrypted digital files, according to an April report from the Federal Bureau of Investigation.
The cyberattack affected Fremont County's servers but did not disrupt state or federal agencies, spokeswoman Anne Reid said Wednesday.
She could not disclose whether the attackers demanded a ransom. The county announced the operators of the cyberattack in a press release late last week to inform residents and other agencies of the attack and encourage them to beware, Reid said.
"We wanted to make this more visible, because it has impacted other agencies throughout Colorado, and give them a heads up that this was happening," she said.
The FBI's spring report found BlackCat/ALPHV ransomware has compromised at least 60 entities across the globe as of March.
In the weeks since the digital intrusion the county has worked to restore critical systems, but not all offices are back online yet, Reid said. There was still no timeline for the county's full reopening, she said.
Investigators "are looking at a number of systems and the number of departments impacted. We've been prioritizing and re-prioritizing to get those departments up and running" one by one, she said.
Emergency 911 calls and COVID-19 testing have been functional throughout the disruption and last week the busy Fremont County motor vehicle division reopened for appointments only, Reid said.
Information technology experts continue addressing impacted systems and are looking to implement protections to avoid a similar attack in the future, she said.
"It's imperative that every business and government agency be on high alert and take the necessary steps to protect their systems from being compromised," Ray Yepes, the Office of Information Technology's chief information security officer, said in the Sept. 1 release.
The personal information of county employees and a "small number" of residents might have been compromised in the attack, the release said. Fremont County officials are preparing to notify those who may have been affected by mail and are working with Experian to offer credit monitoring services, they said in the release.
Local officials are working closely with the Governor's Office of Information Technology, the Colorado Department of Public Safety and the state Division of Homeland Security and Emergency Management to help other Colorado counties and municipalities understand how to protect themselves, the release said.
"Any sort of cyberattack seems like a violation," Reid said. "... We have some great resources helping us through this difficult time and we're thankful for that."
People can avoid cyberattacks like this one by implementing best safety practices online, Reid said. She recommended people update their digital passwords often and cautioned against opening suspicious emails or any links contained inside.
The National Cybersecurity Alliance also recommends regularly checking all personal and professional internet-connected devices like computers, smartphones and tablets for malware; using multi-factor authentication; using long, unique passwords; and using a password manager to safely store them.
Residents can visit the temporary Fremont County webpage at fremontcountyco.state.co.us for updates.
© 2022 The Gazette (Colorado Springs, Colo.). Distributed by Tribune Content Agency, LLC.