Warrick County Prosecutor's Office Cover Up Ransomware Infection

Prosecutor for Warrick County Michael J. Perry last week released a public statement claiming that shortly after taking office, he became aware of the fact that the ransomware known as cryptolocker had infected computers belonging to the Prosecutor's Office but that the security breach had been covered up by a Ms JoAnn Krantz, the elected Prosecutor at the time of the infection. Ms Krantz is also alleged to have directed employees of the Warrick County Prosecutor's Office not to discuss the ransom demands paid in bitcoin with anyone, telling her staff by email that:

"What happens in Vegas stays in Vegas – including issues/problems we might have with software and equipment."

At this time, Perry and his office claim that it doesn't appear to be the case that any personal information was compromised. Despite such a mincing of words, Perry's own press release states that files encrypted by cryptolocker included ones associated with social security numbers, names, addresses and personal tax information. Perry also makes no mention of whether or not the ransom was actually paid in order to recover the files, making clear his intent to save face by way of smoke and mirrors.

Perry's public statement is available as a PDF, text file and is quoted below.

Update – Asked for comment, Warrick County stated no money was paid in conjunction with the issue.

Friday April 24, 2015

Members of the Press and Media:

In the interest promoting trust and sharing information between the residents of Warrick County and the Prosecutor’s Office, we offer the following press release:

Shortly after taking office, I became aware of a possible breach of computer security that occurred in the Prosecutor’s Office sometime in March or April of 2014. This breach was the result of email that was infected with something known as a “cryptolocker virus.” This type of Virus infects a servers’ files, and encrypts them so that they are no longer useful. A secondary aspect of this particular Virus is a message from the originator of the virus that for a certain amount of “cyber” money (e.g. bitcoin), the encryption would be reversed and the files restored.

Some of the files that were included in this security breach were those in the Child Support Division, which include potential personal identifiers such as Social Security Numbers, Names, Addresses, Personal Tax information, etc.

The duties and responsibilities of this office mandate that the elected Prosecutor immediately notify certain government agencies of a suspected breach, including the IRS, the Federal Social Security Administration, and the State Child Support Bureau (among others). After a thorough investigation, it was determined that such notification was never done. In fact, during this investigation, it was discovered the elected Prosecutor at the time, Ms. Joann Krantz, not only failed to notify any of the respective agencies, she issued express orders to all employees that this matter was not to be discussed with anyone. This directive was contained in an email that stated, “Important reminder— “what happens in Vegas stays in Vegas”— including issues/ problems We might have with software and equipment.” (See attached).

Conversely, upon receipt of the information of the security breach, I immediately notified the District 8 Regional Child Support Representative of the suspected breach. This individual in turn, notified the State Child Support Bureau, who then began an exhaustive investigation into this matter, which included cooperation among the Warrick County Prosecutor’s Office, the Federal SSA, the IRS, and members of the State Child Support Bureau.

Several points of emphasis were gleaned from this investigation. First, under the direction of the elected prosecutor, the child support staff were improperly scanning Title IV—D cases and storing them in an unsecured fashion. Secondly, the elected prosecutor failed to fulfill the duties and obligations of her office by reporting the suspected breach and instead elected to suppress this information, which action hindered the subsequent efforts to determine if any personal information had been illegally obtained.

Finally, to the best information that all the invested parties to this investigation can determine at this date and time, there appears to not have been any personal and identifying information obtained by impermissible parties as a result of this breach. All available resources have been marshaled to ensure that future breaches will be next to impossible. We, as law enforcement officials are more than aware that Identity Theft is a very serious, and ever increasing crime. The Warrick County Prosecutors Office assigns the protection of an individual’s personal, identifying information as at highest priority If, however, by some illegal method, the computer servers of this office are invaded by some outside source, we can assure the general public that all appropriate authorities will be notified, all steps will be taken to protect the identities and identifying information of individuals who may have such on file with our office, and all individuals responsible for these criminal actions will be prosecuted.

Very Sincerely,

Michael]. Perry,
Warrick County Prosecutor

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>