Copyright © 2022 Albuquerque Journal
Less than three months after vandals fired gunshots at Bernalillo County’s Downtown headquarters, forcing its temporary closure, officials again shuttered the building because of a cyberattack Wednesday.
The county reported it had been hit by a suspected ransomware attack, prompting it to close most county buildings, suspend some services and halt visitation at the jail.
But details remained sparse about the origin and scope of the attack.
While the county said the incident likely happened early Wednesday, a spokeswoman later in the day could not say how the malware entered the county system, how many systems and computers were affected, or whether the attacker had obtained county data or just blocked access to it.
She also declined to say if the culprit had actually demanded a ransom payment.
“I cannot speak on that right now just because it’s also a crime and there’s an investigation,” spokeswoman Tia Bland said in an interview. “Right now we’re limiting information that we’re sharing.”
Ransomware is malicious software, called malware, “that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return,” according to the FBI’s website.
A number of other public agencies around New Mexico have fallen victim to ransomware attacks in recent years, including New Mexico Highlands University and the city of Farmington.
The attack in Bernalillo County – New Mexico’s most populous county – ground some, but not all, operations to a halt. Public safety departments continued to respond to calls and work as normal, thanks to some backup systems. While the county-run Metropolitan Detention Center stopped visitation, it carried on with standard intake and release functions. The county also kept community centers open and behavioral health services running.
But the incident prompted officials to once again shutter Bernalillo County @ Alvarado Square.
The county’s new headquarters, which opened in August after a $68 million renovation and addition, was hit by gunfire in October.
The bullets did not injure anyone, but shattered windows as high as the sixth floor of the atrium-style building. The damage and related mess led officials to close the building for 10 days.
While the new attack was not physical in nature, Bland said leadership chose to close the headquarters to “preserve information” for investigators looking at the computers. Also, she said, the building is presently of little use to the public.
“A lot of the services people come in for aren’t available – the computer systems are down. You can’t get a marriage license (for example),” she said.
The incident comes in the midst of property tax season – most owners have until Monday to pay their first-half tax bills before they are deemed delinquent.
While the building closure prevents in-person payments, the county is still taking payments online, via drop boxes and at Rio Grande Credit Union branches.
“We don’t know how long it’s going to take before we can open Alvarado Square and resume operations,” Bland said. “We’ll just take it day by day and see how it goes.”
Bernalillo County is not alone in its plight, as ransomware attacks have become increasingly prevalent.
Lorie Liebrock, director of the Cybersecurity Centers at the New Mexico Institute of Mining and Technology, said ransomware and cybercrime in general have risen during COVID-19, something she suspects is due in part to vulnerabilities introduced as employees began working from home and accessing systems from outside.
Recent years have specifically brought what she called an “explosion” of cases targeting certain sectors: governmental organizations, including counties and municipalities; school districts and other educational entities; and the health care industry.
The FBI’s Internet Crime Complaint Center received 2,474 ransomware complaints in 2020 resulting in $29.1 million in adjusted losses, according to its reporting, but Liebrock said governmental data often underestimate the scope of the problem. Some victims just never report it.
Other estimates show a much bigger problem; Cybersecurity Ventures, a research firm, had forecast ransomware would cause $20 billion in worldwide damage in 2021.
How a cyberattack victim recovers depends on a number of factors, Liebrock said, including how it backed up systems, how many systems were hit and how deeply the attacker permeated the system.
She said she could not estimate the potential costs to Bernalillo County without knowing the case’s specifics.
“I know for some of the school districts, it cost them hundreds of thousands of dollars to recover. It is a huge cost when you have a lot of systems that have to be restored, depending on exactly what they did to the systems and what you have to do to recover,” she said. “It’s expensive.”
Bland would not confirm if the county’s insurance covers cybercrime.