The Ross County Sheriff’s office has had their internal systems hacked, which has compromised thousands of people’s information.
The Guardian exclusively learned the information from whistleblowers inside the county and the law enforcement complex.
According to public records the Guardian obtained, someone inside the Sheriff’s office downloaded an infected file from an email. From there, the hackers were able to spread to all computers within the Sheriff’s office’s network.
Once inside the network, the hackers had access to “everything,” according to emails and public records obtained by the Guardian.
It is not immediately known what information has been stolen, but the hackers had access to payment information, social security numbers, police reports, 9-1-1 calls, videos, case files and pictures. Virtually anything digitally stored on a computer inside the Sheriff’s office has been corrupted and possibly stolen, according to sources who spoke to the Guardian on condition of anonymity because they were not authorized to speak publicly about the matter.
The hackers were able to gain entry into the email accounts of deputies and top brass, and then sent emails out to hundreds of other people and government agencies, including the Guardian and several Ross County Government agencies, in an attempt to infect those agencies and companies as well.
The Guardian obtained emails through a public records request from the Ross County Auditor that detailed some of the attack. The emails to the Auditor’s office were written by county IT engineer Andy Wettersten, who sent out a memo to several county agencies alerting them to the issue. Wettersten oversees numerous county agency server networks within Ross County, but does not deal with the Sheriff’s office, according to the county commissioners. Instead, the Sheriff’s office uses a California-based IT company.
“Someone is piggy-backing off real communications and then forwarding a modified version of the email, in an attempt to trick County users,” Wettersten wrote in his email to county agencies. “The ‘sent from’ name will be a familiar name, but on closer inspection, the actual email address that’s being ‘sent from’ is completely different and garbage.”
Wettersten did not identify the Sheriff’s office in his email to other county agencies, but the Guardian was able to track down the source of the infection since our publication received one of the infected emails. Fortunately, the Guardian’s servers were spared because our team recognized the attack as it came in.
“The malicious actor then feeds that information into an automated system that sends phishing emails against us, using the original email to help foster legitimacy, and does their best to ‘spoof’ who it’s really from. So, Office A will get an email that looks like it comes from a trusted source, along with a malicious attachment. The goal is to get you to open that attachment.”
Wettersten could not be reached for comment on Tuesday.
According to emails, the data breach has been traced back to at least September 30, and as the Guardian published this story on Tuesday afternoon, the hackers are still roaming around inside the network, where they have been for a week.
The Sheriff’s office has not released a statement on the matter and did not reply to the Guardian when asked for comment. However, the Sheriff’s office has filed a claim with their insurance company with hopes that money will help solve the issue, public records show.
Meanwhile, the Sheriff’s internal team has tried to blame the issue on their email host, a company called “Green Geeks,” instead of realizing the severity of the issue, our sources said.
The Guardian spoke with Green Geeks on Tuesday, who said their company merely hosts the Sheriff’s email and was in no way associated with the attack itself.
According to emails, no other county agency was infected and the county’s internal IT team was able to stop the hackers from spreading into any other government agency.