Illinois County Stricken with Grief

A new organized cybercrime group claims to have stolen sensitive data belonging to a county in Illinois. 

St. Clair County disabled its website on June 2 out of “an abundance of caution” after suffering a cyber-attack. Ransomware gang Grief has claimed responsibility for the digital assault.  

Because of the incident, several county services were rendered unavailable from May 28, including access to court records and payment for ticket fees. 

The county jail's network was also impacted, with one woman telling 5 On Your Side that her partner was held past his release date because of the cyber-attack.

"I keep being told that the jail is on lockdown because there has been a system failure since last Saturday, and I want to know what's going on," said the anonymous woman. "Nobody can get released. Nobody can post bond. They can't check out any information." 

County Information Technology Director Jeff Sandusky said: “Beginning around May 28, St. Clair County became aware of a cybersecurity incident involving our computer systems.

"We immediately responded to secure our systems and commence an investigation into the nature and scope of the incident." 

The county notified appropriate law enforcement authorities of the incident and said it has been "working diligently with industry-leading third-party cybersecurity specialists to investigate the source of this disruption and confirm the impact on our systems."

Sandusky added that the county has dedicated substantial resources to gauging the attack's full scope and will provide relevant updates as the findings emerge. 

The county's website, www.co.st-clair.il.us, was restored by June 4, but some services remain unavailable.

Grief is an emerging ransomware group that claims to have swiped data from at least five entities, including Mobile County, Alabama, and HDHC Home Decor.

Screenshots of the group’s website on the Tor network show the group claims to have purloined 2.5 gigabytes of data from St. Clair. Internal company documents and personal and customer information are among the allegedly stolen data.

Grief emerged at around the same time as another new ransomware gang, Prometheus, which claims to have ties to REvil. 
