It was anything but a normal Monday morning for several offices in the Carbon County courts on Aug. 21, 2023.

When employees arrived, it was learned that a ransomware attack had been detected on the court side of the network.

Computers were shut down, agencies were called to help determine what was happening and offices turned to pen and paper instead of computers to complete their daily tasks.

At the time, a statement released by the county read, “The security of our county residents remained our top priority. All of our essential services continue to operate, including 911 and emergency communications. County government is open to the public.”

Servers affected

Fast forward to 2024, four months after the hack, and some court offices are still feeling the effects.

One office in particular is the sheriff’s office, which, according to Sheriff Daniel Zeigler, was hit hard.

“We really didn’t know what was affected,” he said. “We came to find out that all our servers were affected and we could not access them.”

Zeigler said daily tasks like civil case paperwork, protection from abuse orders and foreclosure notices, which are all done electronically, had to be manually completed with pen and paper.

“We lost everything that was on that server,” he said, noting that since then, his office has been working with vendors to try to recreate everything they needed to properly operate. “We literally had to handwrite everything just so we could get papers out to be served. ... We really had to be creative and figure out how to still do our job without being able to access our computers.”

Checks couldn’t be printed because they were electronic. Forms for pretty much every aspect of operations were lost.

“We’re talking thousands and thousands of documents all gone,” Zeigler said. “I don’t even really know what I lost because I can’t get into the file to see what was in there.”

Sheriff sales had to be postponed for September, October, November and December, forcing a backlog and backing up million of dollars in sheriff sales.

Zeigler said that the money will be eventually recouped as the sales begin again this month, but it was five months of delays compounding on itself.

In addition, programs such as the license to carry application that was going to be launched online in August was gone, the panic alarm system that was being implemented was now delayed due to the software being compromised and a new photo ID system for employees was put on the back burner as a result of the sheriff’s office going down.

Lack of information

Zeigler voiced his frustration because his office was only included in one meeting and then cut out of the discussion.

“Not only did we not know what was affected and what was potentially exposed or made vulnerable, we weren’t told what was going to be done to fix it,” he said. “So the vendor I spoke to, I couldn’t even tell him what we needed to do because we weren’t told. All the information was just cut off.”

He added that he has no idea to what extent other offices were affected, or if the ransom was paid or not and if any personal information of employees or residents was compromised.

“We don’t know what was released or what this individual has and it was the courts that was hacked,” Zeigler said, adding that he and District Attorney Michael Greek, the two top law enforcement officers in the county, should have been kept in the loop in case criminal charges needed to be filed on the culprit.

Zeigler also questioned why row officers were told nothing about it and how the county assessed the cost of damages from all this, including rebuilding servers and files, overtime, consultant fees and everything else involved with the breach.

His office has now taken steps to guarantee another cyber attack will not take his files down again.

“We have to be better prepared going forward,” he said.

Greek echoed Zeigler’s thoughts about being left out of the discussions on this matter.

He said his office was not as affected as other court-related offices, thinking it is because of how the IT departments are separate for county offices versus court offices. Greek’s office is handled by the county IT department and Zeigler’s office was initially handled by the court IT but was transferred over to the county IT a few months ago.

Greek said he had heard through other sources that the cyber attack was a hard attack, meaning someone actively hacked the system and it wasn’t a malware or Trojan horse, but could not confirm the matter.

Because of this, his office experienced disruptions as other court-related offices like the sheriff had to navigate the waters without the electronic files that are used for court operations.

“I was disrupted in terms of emails, scheduling, filing and receipt of documents while the servers and computers were down,” Greek said.

As for the aftermath of the attack, Greek said that his request to be included in the meetings were not approved.

“A crime was committed and nobody did anything to prosecute a crime. Maybe we couldn’t have but the fact was, I know nothing. They came down from court administration with a note that said do not talk to anybody. ... They kept me out in the dark. ... I know nothing other than there was a cyber attack which is insulting to me.”

Greek said that while the county met with outside agencies and their insurance company, it should have also been reported to law enforcement.

Zeigler and Greek both said that the county reached out to departments with questions following the breach, which they answered and submitted for an after action report that was being prepared, however that was the last they heard of it.

“We have nothing. Everything was submitted but I don’t know where it went,” Zeigler said. “You want people to trust each other and we want to work together, well how do you really do that when you see how people have been treated?”

On Thursday, when asked about the status of the pending report, the county commissioners said that one was not being completed.

“The threat was there but nothing materialized,” Eloise Ahner, county administrator, said on the county’s behalf. “It was just a matter of getting everything back and that took some time. It took some time because those systems had to be shut down.

“At this point, I don’t think there is going to be (a report),” Ahner added, “since there wasn’t an actual demand or ransom. But it is being monitored and that will continue for a while to make sure that nothing happens.”

The board said that after the county learned of the breach, everything was shut down to prevent any further infecting of the system and then the county and court IT departments, which Commissioner Wayne Nothstein said is currently understaffed by three people, assisted the outside agency the county insurance company brought in to check every computer.

As for potential data being compromised, Ahner said that the county has not found any compromised data yet.

If a ransom was paid to a hacker or money was paid to fix the problem, it has not been disclosed by the county.

An email reaching out to court administration was not responded to as of press time.