The entire Orange County computer network was out of service Monday after it was attacked by a ransomware virus, causing slowdowns and service problems at key public offices such as the Register of Deeds, the sheriff’s office and the county libraries.
The source of the attack is still unknown, but it was discovered around 6 a.m. Monday, leading to the entire computer network being shut down out of precaution.
A variety of services were impacted, the county said.
The county’s Register of Deeds office could not process real estate closings or issue marriage licenses, the county’s housing department couldn’t process any vouchers and the Tax Office was unable to verify tax bills.
Additionally, the county’s Planning Department was unable to process fees or permits, and the county libraries’ public computers were out of service, among other issues.
Jim Northrup, who leads Orange County’s IT department as its chief information officer, described the attack as “an encryption virus,” a form of ransomware.
Ransomware is a type of malicious software that can deny a user access to data once it has infiltrated a computer — oftentimes the attacker will demand a ransom to have a computer restored, according to computer security company Norton. This particular ransomware attack was accompanied by a message, but Northrup declined to comment on what the message said beyond saying it had many grammatical errors.
Northrup said the county wasn’t close to a total fix to the attack yet, but noted that the county’s IT department is starting to get its head around the virus. However, it is still unclear when service might be restored across the network.
Initially, the county believed the attack to be more severe. The county has been hit by ransomware before — two or three times in the past six years, Northrup said — but never to this extent, with servers that usually never get touched by viruses being attacked.
“This morning was a total freakout. We shut everything down … and told everyone not to turn their computers on,” Northrup said. “It was a big unknown. But now that we are starting to draw lines around the problem, we are starting to know more.”
Northrup said late Monday afternoon that he doesn’t believe any data, such as Social Security numbers, was compromised or harvested as part of the infiltration. He added that most of the data that was encrypted — or currently unable to be accessed — because of the virus was already backed up.
“We have been pretty lucky so far,” he said. “Everything we have gone to restore has been backed up. We have a fairly robust backup system … and the problem is getting smaller and smaller.”
On Facebook, Mark Chilton, the Register of Deeds for the county, said the network would likely not be operational for a few days.
Northrup said that while some services could be restored tomorrow, “it’s going to be a long week no doubt.”