April 24 and May 2, 2023 San Bernardino County emails discussing media responses to inquiries about a "network disruption" -- actually a ransomware attack -- suffered by the San Bernardino County Sheriff's Department. Document uploaded by Beau Yarbrough, staff writer for the San Bernardino Sun/Southern California News Group
Original Title
2023-04-24 and 2023-05-02 San Bernardino County ransomware emails
April 24 and May 2, 2023 San Bernardino County emails discussing media responses to inquiries about a "network disruption" -- actually a ransomware attack -- suffered by the San Bernardino County Sheriff's Department. Document uploaded by Beau Yarbrough, staff writer for the San Bernardino Sun/Southern California News Group
April 24 and May 2, 2023 San Bernardino County emails discussing media responses to inquiries about a "network disruption" -- actually a ransomware attack -- suffered by the San Bernardino County Sheriff's Department. Document uploaded by Beau Yarbrough, staff writer for the San Bernardino Sun/Southern California News Group
From: last. Dau 40)
Tor 0S — al Superverrs ans chi af st
ce Herindes, Leonard ~ C80; Rurcles, Dare; liars, Pavel; Guomar-Hurtaro, Martha
Subject: dia Acti She TPS IT
Date: Nene, spe 24, 2029 4995
‘Attachments: San Sarrardro County Gris Department sus dow bert syste follorg recent ciberatad:~ BCP
[osamelanct
mageLng
Board Members,
The attached ABC7 story (video here: brtpsy//abe7.com/san-bemardino-cvberattack-ransomware-
hyperlink/12.176620/ is the first media account to reportthat this wasa cyberattack, thet it was
ransomware, and/orthat it was likely activated by an employee clicking ona link in an email. This
story will probably lead to additional media inquirias to the Sheriff and to us. Our response will
continue to be that this wasa network disruption that is under investigation.
‘\s0, Beau Var brough/Southern Califomia News Group has asked when the Sheriff's Department
broke off fromthe County's IT and formed heir own, and whether this was discussed during a Board
mesting. Prelirminary research indicates this likely occurred about 20 years ago, and no information
on the process by which this occurred has been located yet. We will keep you informed onthis.
Please let me know if you have any questions,
Thank you,
David
David wert
Public nfarmation Officer
alforia
25N Reomentere, Fith For
San Boraidine CABB4I5 0129
SAN BERNARDINO
COUNTY
(Our job is to ereate 9 county in whieh those who resicle and invest can prosper and achieve well-being.
wow SBCouney gov
ORE424123, 8:40 AM San Bomardino Courty Sherif's Department shuts dew internet systoms folloring recent cyborattack -ABCT Los Angeles
San Bernardino County Sheriff's
Department shuts down internet
systems following recent cyberattack
g By Rob McMillen a
‘Sunday, April 23, 2023 4:19PM
The San Bernardino County Sheriff's Department has shut down systems such as email and
internet following a recent cyberattack
hitpsbc7.comisan-bemardine-oyberattackransomware-nyportinl/ 1817882014724123, 840.88 ‘San Bernardino County Sherif's Department shuts down Intemet systems following recent cyberaltack - ABCT Los Angeles
SAN BERNARDINO (KABC) -- More than two weeks after the San Bernardino
County Sheriff's Department was hit with a cyberattack, the department is still
working to get all of its systems back online.
Multiple sources have told Eyewitness News that the hack likely started after
someone clicked a hyperlink that was malicious, and that suddenly enerypted
many of the department's systems.
‘The sheriff's department was able to recover the data, but cut of precaution they
shut down most of its systems, including email, internet and many computers in
the department's vehicles just to make sure there were no more security threats.
The new protocols have forced deputies to do things the old-fashioned way, like
calling or radioing dispatch to run license plates or get information on a suspect's
background.
“Public safety operations have not been affected,” the department said in a
statement. "Deputies are able to run backgrounds on people and are still getting
dispatched to calls. The county is conducting a forensics investigation to achieve
a complete understanding of any impact to our operations before we fully use the
system."
County officials did not s
kinds of attacks are becoming more and more common.
if they paid any kind of ransom, but experts say these
Phe cost is pretty brutal, not just to financial - but in the case of law enforcement
- it's the agency, the people they are serving," said Vivek Bhandari of Titanium,
an organization that helps organizations keep their systems secure. "In the
hospitals, sometimes it can impact patient care and we've seen that."
Bhandari says the bottom line for eyber safety is to pay close to attention to what
you click on in an email.
"Phishing attacks are very common ways for attackers to get in. You get a user to
open a file, because, hey, here's a picture of your kid, or a picture from the get
ntps:fabe7 comisan-bemarcino-cyberattack-ransemware-hyperink/13176520) 212423, 840 004 ‘San Bernardino Caunty Sher’ Department shuts down Interet systems following recent cyberetack- ABCT Los Angeles
together last week. Something that will get someone to open an attachment or
click on a link is a common technique," Bhandari said.From: ect Dawid (CHO)
Te OSA Suncriccs BOS Chin of Stal
ce: Hauaclee Leena CAO; Wiliams. Pamala GuamanHudado, Martin
Subject: Hsia Response/SherifPs IT
Date: “Tuesday, May 2, 2023 2:00:53 Pt
‘Attachments: imagstOLona
Board Members,
Brian Rokos with the Scuthern California News Group last night asked the County if a ransom had
been demanded, ifso, how much, and whether the County intends to pay. He had been referred to
us by Sheriff Dicus.
In response, | will provide him with the response be |ow, [JAaManaaan rae soon
This will be the first official confirmation to the news media that this has been a ransomware
incident.
‘The network disruption within the Sheriff's Department was the result of ransomware that infected
portions of the department's information technology system.
‘The County had prepared for the possibility of such an incident by securing appropriate insurance
coverage. After negotiating with the responsible party, the insurance carrier and the County agreed
+to.8 payment to restore the system's full functionality and secure any data involved in the breach.
Insurance covers most of the payment. The County's share is $511,852.
The decision whether to render payment was the subject of careful consideration, On balance, and
consistent with how other agencies have handled these types of situations, this was determined to
be the responsible course,
AAs part of its ongoing criminal investigation, the Sheriff's Department is conducting a forensic
‘examination to achieve a full understanding of the incident, the findings of which will benefit all
public agencies looking to avoid a similar occurrence.
‘At no time did this incident comprom'se public safety or the Sheriff's Department's ability to carry
‘out its duties. No other systems within the County organization have been affected.
Additional information on this matter cannot be disclosed at this time in light of the ongoing criminal
investigation.
Please let me know if you have any questions.
Thank you,
David
David WertPublic information Officer
Sen Bectuing County, caotcia
Pron
EN Fith Flor
Ban Eematdine CADIS 0129
COUNTY
Our job is to ereate @ county in which those viho resicle and invest ean prosper and achieve well-being.
wun SBCounty.gov