The ransomware that disabled Imperial County’s computer system entered the network through a ‘phishing’ email with an attachment that was opened, county Board of Supervisors Chairman Ryan Kelley said on May 1.
County officials had not previously revealed the cause of the cyberattack that for weeks crippled the county computer system, emails, website and parts of its phone system.
Kelley was reluctant to say it was one person who was responsible for opening the email, because others opened the email after the initial infection.
"It was a cascade of events," he said.
"I don't want to say one person did it ... We know where the first piece happened; our patient zero," Kelley said. "But there's more to it than that. Others also opened it."
He added information is still being gathered about how many computers were affected initially, and how it spread through the network.
"We know how far it got, but the early stages of its entry, we're still looking at that," he said.
Kelley added the county plans to issue a full report on the attack to the public in four or five weeks.
The county discovered on April 13 a malware variant known as “Ryuk” had blocked access to the county computer network, website, email and parts of its phone system. A ransom—unconfirmed at more than $1 million--was demanded for access to be returned.
So-called ‘phishing’ scams send out emails with attachments masquerading as important messages from reputable or legitimate businesses, such as banks or credit card companies.
Kelley added the county has received several calls to share information with "other governmental agencies being attacked right now by the same malware," but did not say which agencies had inquired.