GPD chief updates city on ransomware attack

Graham Police Department Chief Brent Bullock said Tuesday damage was minimal after GPD was one of more than 20 entities in Texas hit by a ransomware attack on the morning of Friday, Aug. 16. As of Thursday, the department were investigating the possibility of another problem occurring due to the ransomware.

In a press release from Tuesday Aug. 20, Bullock said the department has a stand alone system which is not tied to any other department within the city. He added this means the threat posed only effected the police department and no other city departments.

“Due to having a qualified officer assigned to information and technology here at the police department, the damage to our system was limited compared to what other agencies are reporting,” Bullock wrote. “Based upon the current state of the forensic investigation, it appears that no personal information on the Graham Police Department’s system was compromised.”

The chief added in the press release the GPD computer system was in service and operational as of Tuesday.

Bullock gave another update to City Manager Brandon Anderson, Mayor Neal Blanton and councilman Darby Brockway Thursday regarding the ransomware attack.

“It came through a portal that we had with our IT people basically,” Bullock said. “We have a total of five servers at the police department and of the five, three are basically the backbone of the department. One is for videos for cameras and body cameras and such. The number one server allowed it to come and it did take that server basically hostage. It is our oldest server that we have. It is basically the driver for our printer. For everyone to print on the network with some other things on it that were kind of older stuff we didn’t use.”

Bullock said the department had just installed the antivirus software, Bitdefender, which stopped the ransomware on the second server and isolated it from going any further. Sergeant Chris Denney who is in criminal investigations and does IT for the department has been working with another IT group from Wichita Falls for a week on the problem, Bullock said.

According to the Texas Department of Information Resources, the State Operations Center was activated with a day and night shift. The department believed as of 5 p.m. Saturday that evidence gathered indicates one actor is responsible for the attacks.

According to the release, the DIR, the Texas Division of Emergency Management, Texas Military Department, the Texas A&M University System’s Security Operations Center/ Critical Incident Response Team, the Computer Information Technology and Electronic Crime, Cybersecurity and Intelligence and Count Terrorism units of the Texas Department of Public Safety and the Texas Public Utility Commission are among the state agencies supporting the attacks.

“We have a central location where we report all of our findings and all of our issues and what not and they have been in direct contact with us probably three or four times a day,” Bullock said Thursday. “They are doing an investigation on it. It said in the press release that they have got it down to just one single person that did this as an individual. Of course they are not going to share that much more with us, so we are limping along, but we were still able to do our reports as of yesterday.”

Bullock said an additional “gift” might have been embedded in the server, so as of Thursday morning the department was offline to investigate.

“They are trying to figure what that is that is trying to come back and take us hostage again basically,” Bullock said. “I feel it is going to be a lengthly project and it is going to be for a while. We have everything limping along and we were up and running, but, after the setback yesterday, I was told this morning about it that we are going to be down some today.”

Bullock said the department has a program installed on everything they have from the state which reports back to them every 30 seconds and he said this second occurrence had bypassed the process at some point.

The DIR release said they believe they have identified and contacted all entities which were potentially or actually impacted. The count as of Saturday was 23 entities, according to Young County officials during the Aug. 19 Commissioner’s Court meeting, the attack affected mostly policing agencies Wichita Falls Police Department and Sheppard Air Force Base. Bullock said the count of effected agencies was reduced to 22 on Tuesday, Aug. 22.

For the rest of the story, see the Saturday, Aug. 24 edition of The Graham Leader.