Clark County Water Reclamation District computer system hacked

The FBI has been asked to investigate a cyber attack on a Clark County agency’s computer system, the Review-Journal has learned.

Multiple sources told the Review-Journal that the Clark County Water Reclamation District’s computer system was breached and that the hackers demanded a ransom.

Clark County Commissioner Chris Giunchigliani confirmed that commissioners were told about the matter and that the FBI is investigating.

FBI spokeswoman Bridget Pappas declined comment.

“The FBI does not ordinarily confirm or deny the existence of an investigation,” she said.

The ransom amount and whether the county paid the hackers is unclear.

The county has a cyber liability policy, which covers cyber extortion. However, the water reclamation district is not covered under that policy. It is unknown at this time if the district has its own policy.

Marty Flynn, spokesman for the sewage treatment agency, said he did not know about an FBI investigation or a ransom demand, but that reclamation district staff had reported an issue to the IT department over the weekend.

“The treatment plants are operational,” Flynn said. “We are fully functional as far as our business goes.”

Customer records and employee information were not affected, according to Flynn.

Local governments and businesses have increasingly been plagued by hackers using what’s known as “ransomware” to hijack data. Police departments in Maine, Illinois, Massachusetts and other states have been victims, with some agencies paying out less than $600 to hackers in order to regain access to their own information.

In February, hackers held a Los Angeles hospital hostage.

A cybersecurity standoff went on at Hollywood Presbyterian Medical Center for more than a week and ended with the hospital paying the hackers about $17,000, according to The Associated Press.

Arizona State University Professor Gail-Joon Ahn, who directs the school’s Center for Cybersecurity and Digital Forensics, said ransomware is a serious problem.

Picture this: An office building under siege by bandits who pick up essential files, shove them in a safe and then say, “Pay up or we’re throwing away the only key.”

That’s essentially what’s happening with ransomware, Ahn said. Except the bandits are unseen and intend to stay that way typically by demanding payouts be done in bitcoin, an anonymous digital currency.

Businesses and government agencies run into problems because the seizure of data can grind their operations to a halt, he said. If an average citizen’s personal computer were infected, they might lose some files but can ultimately just buy a new device. But for governments and businesses, the risk is losing essential information for which they may have no backup, according to Ahn.

During the recent incident involving the Hollywood hospital, patient history was out of reach and staff had to resort to using paper and pen while the ransom was negotiated and some patients ended up being transferred to other hospitals, according to news reports.

Ahn said to combat the rise of ransomware governments and private businesses must work together to share information on what he called the “indicators of compromise,” basically clues that could be used to figure out a hacker’s technique. Knowing a hacker’s methods can help potential victims minimize the damage from attacks or avoid them altogether, Ahn said.

Review-Journal writer Ben Botkin contributed to this report. Contact Bethany Barnes at bbarnes@reviewjournal.com or 702-477-3861. Find her on Twitter: @betsbarnes