Ransomware group claims it hacked St. Clair County; websites offline as ‘precaution’
Several services provided by St. Clair County via the web were unavailable Wednesday after the county disabled its website out of “an abundance of caution” following a ransomware attack on the county.
The www.co.st-clair.il.us website has been unavailable to the public since it was taken off line over the weekend. A ransomware group calling itself Grief claimed it targeted the county along with several other organizations demanding payment in cryptocurrencies such as Bitcoin and Monero, according to several publications specializing in cybersecurity.
In screenshots of the group’s website, obtained by the Belleville News-Democrat, the group claims it has 2.5 gigabytes of data including internal company documents, personal and customer information.
County Information Technology Director Jeff Sandusky said the county is not currently at liberty to comment on or confirm that there was a cyberattack but said the website would be up by the end of the day.
Earlier Wednesday, Sandusky said the website was taken down due to a “system issue” the county is working to fix. He said the problem was being investigated and the cause of the issue hadn’t been identified yet.
In ransomware attacks, hackers lift a small amount of data and offer to transfer it back when payment is confirmed. For larger amounts and sensitive data, hacker groups may encrypt the data within the network of a company or local government, only to decrypt it when payment is received.
However, while making payment restores access to the data, it doesn’t mean that data won’t also be sold on the dark web.
The county was among several other organizations targeted by Grief and another ransomware group identified as Prometheus.
Currently, the county’s web-based COVID-19 information, court records, property records and tax information are all unavailable, along with many other services.
Sandusky said in the meantime, some county services can still be accessed by calling the county’s switchboard at 618-277-6600.
This story was originally published June 2, 2021 at 12:17 PM with the headline "Ransomware group claims it hacked St. Clair County; websites offline as ‘precaution’."