Scam Email Led To Delco Computer System Hack: Officials

An email sent to a county employee contained software designed to attack computers that was subsequently downloaded, officials said.

DELAWARE COUNTY, PA — Officials in Delaware County said the computer system hack that occurred in November stemmed from a scam email.

In an update on the system attack that occurred between Sept. 10 and Nov. 21, Delaware County's Chief Information Officer Frank Bilotta said the incident began with a "phishing" email sent to a county employee. "Phishing" is when someone attempts to access personal digital data through fake emails, instant messages, and other forms of electronic communication.

According to Bilotta, the email contained software designed to attack computers that was subsequently downloaded. The software, known as "malware," then captured credentials and infiltrated the network.

"During the period between Sept. 10 and Nov. 21, the threat actor was most likely stealing credentials, identifying sensitive data, and exfiltrating the information from the County’s operating environment," Bilotta said in the report.

Sometime between those dates, a program that threatens to release county data, such as potential personal information, unless a ransom is paid was activated in the county's computer network. These programs are referred to as "ransomware."

Delaware County Executive Director Howard S. Lazarus then recommended that the ransom be paid, as the county’s exposure was limited to the deductible amount of $25,000 on its insurance policy and working with the threat actor would accelerate system restoration and prevent information from being published.

"Upon payment of the ransom, the threat actor provided the decryption tool necessary to unlock the County’s systems, a list of the files that were exfiltrated, and a general description of how the cyberattack commenced," Bilotta said.

Before the ransom was paid, Lazarus informed local officials, as well as the Department of Homeland Security.

Additionally, the county’s information technology staff started working to take back the system environment and credentials. Those staffers also installed software to protect each computer and to stop the hacker from communicating into or out of the system.

The county has since taken actions to prevent another incident such as this.

Information technology staff is taking these steps to provide a more secure environment going forward:

  • Rebuild clean versions of the County’s server infrastructure.
  • Update old versions of operating systems and apply security patches.
  • Remove old hardware and software solutions that are threat vectors.
  • Remediate vulnerabilities that outside support agencies have identified.
  • Assess whether or not personally identifiable information was compromised and take appropriate steps to comply with all required laws and requirements.

Additional measures the county is pursuing to prevent cyberattacks are:

  • Establish and enforce rigorous and centralized system security and data quality standards for all County systems.
  • Move data storage to more secure, off-site environments.
  • Systematically upgrade security applications, scheduling system down-time as necessary.
  • Continually evaluate the effectiveness of back-up systems.
  • Create and integrate an information technology component into the Capital Improvement Program (CIP) to allow for cyclic and systematic upgrade and replacement of computer hardware and software.
  • Create a single County domain (to the greatest extent possible) and review access and operating protocols for externally-required systems.
