Russian hacker group boasts about Jefferson County Clerk's office cyberattack on dark web

The group is threatening to release at least 47 gigabytes of stolen data unless a ransom is paid.

FRANKFORT, Ky. — The Jefferson County Clerk’s Office (JCCO) was in Frankfort providing an update to lawmakers on the recent cyberattack that shut down every branch for several days in July. Hackers were also able to steal 47 gigabytes of data, which is about the size of an Xbox video game.

According to investigators, individuals affiliated with a Russian-based hacking group “RansomHub” were taking credit for the attack on the dark web.

"The hackers gained access to the clerk’s network by using compromised credentials to log in through a remote service called a virtual private network,” said David Summerfield, the executive director of JCCO. “Which allows employees and authorized vendors to gain secured access to agency resources when working remotely.”

At the monthly Investments in Information Technology Improvement & Modernization Projects Oversight Board committee meeting, Summerfield said the hackers searched for valuable information and then encrypted files. This action prevented JCCO from recovering them. They also deleted backups and turned off services that would have restored their systems. 

The clerk's office said it partnered with its vendor Trace3 to prevent "RansomHub" from reaching its systems through the same route. Summerfield said this prevented the hackers from reaching the office's cloud-based servers, which contain data on motor vehicle titling and registration, voter registration, land records recording and indexing, marriage licenses, budgeting and accounting, human resources applications, credit card processing and poll worker recruitment training.

The group is threatening to release the stolen data unless a ransom is paid. However, the clerk's office said it has not negotiated -- and will not negotiate -- with the hackers.

“Unfortunately on August 12, 2024 we were informed by the multistate information and sharing analysis that ‘RansomHub’ had posted a message on the dark web blog claiming they had successfully stolen county clerk files along with a reported list of those files,” said Summerfield.

It’s still unclear what information hackers were able to obtain, but the clerk’s office said the risk to the public may be minimal. Officials believe the data could be information on employees or election officers, like poll workers.

Credit: WHAS11 News
Hackers left a ransom note demanding an unspecified amount of money on Jefferson County Clerk's Office computers.

“There’s no way of knowing for sure what they have,” Ashley Tinius, a spokesperson for the clerk’s office, said. “But it’s a lot more of our personnel data than anything that the public would be worried about.”

Summerfield said they continue to take the threat seriously until they are able to possibly debunk it. 

“We do not know what the hacker’s ransom demand is,” Summerfield said. “It is worth noting that ‘RansomHub’ criminals had previously made demands of as much as $22 million in a past incident involving United Healthcare.”

The clerk’s office continues to reiterate that Louisville’s election security was not impacted, and officials do not believe voter information was compromised.

‘Very little action’ from Frankfort

State Senator Gex Williams (R-20) invited representatives for the clerk’s office to speak at Wednesday’s committee meeting to plead for legislators to improve statewide cyber security, warning other Kentucky counties could be just as vulnerable.

“We know no matter how secure you are, there’s always going to be failures,” Williams said. “So how can we help remediate the costs of failures? How can the state help better prepare to reduce the number of failures we have?”

Summerfield said there’s been little support from lawmakers since the attack.

“As far as the state and federal government,” he said. “There’s been a whole lot of talk and a whole lot of advice, but very little action.”

Williams said legislators are in the process of creating a cyber coalition committee which could include the Kentucky National Guard.

"We need to get the guard and state agencies all working together to get a rapid response," Williams said. "There's prevention and there's recovery."

The clerk’s office revealed it’s spent just under $100,000 of taxpayers’ money to get its systems back up and running with extra security. However, Summerfield said he expects that cost to continue to rise.

“Again, we’ve formed relationships with state and federal agencies that help us [prevent these attacks], provide resources and help us with advice,” he said. “Yet, here we are.”

Williams said there needs to be action taken before the General Assembly meets again to discuss the Commonwealth's budget. He wants the committee to look into any federal funding to get the process started. 

"I'm thinking we're going to look at structures to get the agencies, somebody, some organization or some group that is responsible for responding to these attacks," Williams said. "That can obtain the federal funds that are available for the attacks and then they're the vehicle we can better fund in the next budget session."

The clerk's office said that if a successful attack was able to hit them, then other counties within the Commonwealth are just as vulnerable. Summerfield said they've looked into cybersecurity insurance but that the costs are too high.
