HomeMy WebLinkAbout05. Update on IT Computer Virus5,
Central Contra Costa Sanitary District
May 28, 2014
TO: ADMINISTRATION COMMITTEE
FROM: DAVID M. HEATH, DIRECTOR OF ADMINISTRATION -b4
SUBJECT: UPDATE ON INFORMATION TECHNOLOGY COMPUTER VIRUS
In late April of this year the District experienced the infiltration of computer malware
known as CryptoLocker which encrypted several data files on the District's file server
rendering them unreadable. The District currently uses McAfee Virus Protection which
was unable to detect and block the malware. The perpetrator offered to provide the key
to recovering the data files for a ransom of seven bitcoins or the equivalent of
approximately $3,200.
In discussions with the District's General Manager and District Counsel it was decided
that we were unwilling to pay the ransom requested and would instead pursue
recreating the data files internally. In the process of evaluating this problem I discovered
that there are weaknesses in the District's data backup and recovery processes which
precluded staff from recovering previous versions of the data files that were encrypted
by CryptoLocker malware. This resulted in staff having to manually recreate the affected
data files.
Staff is working with Nexlevel Information Technology Inc., the consultant currently
working with staff on the Information Technology Master Plan, on contracting with a firm
that specializes in testing security weaknesses and data backup and recovery
processes to evaluate vulnerabilities and recommend solutions. The current estimate of
this engagement is $10,000 which will be funded out of the Information Technology
capital budget the current balance of which is approximately $250,000.