San Benito County government computers have been down more than a week after the system was taken offline Aug. 18, when a malware virus was found in the system.
Kevin O’Neill, manager of the San Benito County Office of Emergency Services, confirmed Aug. 27 that the county’s computer servers had been offline for nine days.
According to an Aug. 29 press release, after identifying critical systems that needed to be operational to maintain public safety, public administration, and other essential services, technicians were able to quickly give departments the functionality needed to perform those tasks.
“Other departments have been able to utilize cloud-based systems or state systems that operate free of the county network; therefore, these departments noticed very little or no impact to the services they provide,” the press release stated. “For all remaining functions, departments have implemented ‘pen and paper’ techniques to continue fulfilling responsibilities.”
County employees began having issues with their computers about 10 days ago, O’Neill said Aug. 27. He said computers would automatically log off and the information technology (IT)
department began to suspect something was wrong on the back end of the system. The county decided to take the entire system, comprised of nearly 400 computers, offline on Aug. 18.
“Out of an abundance of caution, they decided to pull the plug on everything, while they went in and scanned everything,” O’Neill said.
The local government scanned its email exchange, as well as every server and computer hard drive numerous times. There are plans to reinstall antivirus software, O’Neill said, a process that would take at least an hour for each computer, or nearly 400 hours. While the exact malware has not yet been identified, O’Neill said it is not thought that the county was purposely targeted.
“It seems like it’s one of those things that someone created that is malicious and designed to cause havoc,” O’Neill said. “It does not look like it is some kind of cyberattack on San Benito County.”
At this time no employee is suspected of doing something wrong or introducing malware into the system, he said. It still not clear which computer was first infected, but as each is inspected and scanned, O’Neill said they can determine the time of the infection and will be able to trace it back to the origin.
So far, the systems don’t seem to have been damaged.
“We don’t believe any information was compromised,” O’Neill said. “We didn’t have to bring in any outside consultants because we already had some that we work with on a regular basis and they’ve stepped up and have been helping us through this with the county IT department, working long hours to get this done.”
It’s too early to determine how many work hours were lost due to the system being taken down, O’Neill said.
“Many of the critical pieces of county work are still being done [by hand and paper forms, such as invoices],” he said. “It’s just at what capacity and how efficiently. We’re still doing stuff.”
The San Benito County Sheriff’s Office was considered a priority to get back online as soon as possible, O’Neill said. He also said employees are using the down time to catch up on work that normally isn’t a priority, such as filing paper files.
O’Neill said by phone Aug. 28 that the system was still down, but he hoped the email service would be restored by the end of the day. It remains unknown when the system will be entirely restored.
“We would like the public to be aware that all county personnel do not currently have access to their emails. If you need assistance, please visit the office during business hours, call, fax, or use the postal service to submit documents to County offices. Phone numbers and addresses for County departments can be found by visiting cosb.us/county-departments/,” the Aug. 29 press release stated.
The release added, “San Benito County understands the frustration the public may feel over this incident and appreciates everyone's patience while we work through it. Once everything is back online, IT will conduct an in-depth investigation into the cause of the virus and ensure the necessary protections are in place to avoid any similar events in the future.”