PALMER, Alaska (KTUU) — Months after a sophisticated cyber attack took the Mat-Su Borough's network offline, the borough is shifting around funds to continue its effort to rebuild and upgrade its network infrastructure.
The Mat-Su Borough Assembly is scheduled to vote on a proposal to re-appropriate $1 million drawn evenly from two different funds: $500,000 from the Major Repair and Renovation Reserve Fund, and $500,000 from the Capital Expenditures Reserve Fund.
All of the money from these two funds will be applied to the Emergency Response Reserve Fund for the borough’s portion of costs associated with the attack, according to the proposal.
So far, the borough has spent $2.1 million on rebuilding its network and upgrading security protocols. $1 million is expected to be reimbursed by cyber-crimes insurance.
The borough has requested emergency assistance from the state and federal government, though it remains to be seen if that assistance will be approved.
Perpetrators of the sophisticated cyber attack demanded a ransom of $400,000, leaving the Mat-Su Borough with a choice; to pay, or not to pay?
CEO of IT Solutions business Deeptree, Inc. and IT security specialist Peter House says he agrees with the decision made by Mat-Su Borough Manager John Moosey to not pay.
"Frankly, I thought they made the right decision," House said. "It sends a signal, which is that mid-tier organizations like this one, with a few million dollars, isn't worth it."
This kind of cyber attack has become a business, House says. It's a simple formula: Drop the ransom ware on unprepared servers, and wait for the money to roll in.
"People will capitalize on that systemic weakness that we haven't attended to," House said.
He says the attack has actually improved the Mat-Su's network security. He says we live in a time where it's necessary to prepare even small networks for ransom ware attacks.
"We will be better for it. It's evolutionary pressure," House said. "It's just something that we need to do and it's time to do it."
The City of Valdez, also hit by the ransom ware attack, paid out -- a nearly $27,000 roll of the dice by the city that saved a lot of money in damages.
But the Mat-Su took the bullet to send a message to future cyber attackers, denying the ransom and incurring millions of dollars in damages.
Borough IT Director Eric Wyatt says if he were faced with the same scenario, he wouldn't hesitate in making the same decision.
"I don't believe in terrorists or dealing with criminals in that way," Wyatt said. "We were able to recover very nicely with backups and with data that was recoverable. So no, I would do the recovery the same way we did the recovery again if we had the option."
The Mat-Su Borough Assembly was slated to vote on the ordinance to refuel emergency response funds lost to the cyber cleanup at its regular meeting Tuesday. They decided to push the vote until Dec. 18.
Editor's note: A previous version of this story incorrectly stated that Deeptree Inc. CEO Peter House advised the Mat-Su Borough not to pay the ransom. House became involved with the incident response after the decision to not pay had already been made.