Stories

Go deeper: The malware that shut down a local election network

Stickers reading "I voted" in red and blue in a stack
Photo: Joshua Lott/AFP/Getty Images

In Kansas, Finney County had to shut down its election network and its entire county computer network after a malware attack launched via a phishing email with a bad link, two county officials told Axios following Vice President Mike Pence's remarks on the incident last week.

Why it matters: This complete shutdown shows the disruptive power that a single email with a bad attachment or link can have, even if only one person clicks on it and even if the malware doesn’t lead to any stolen information. And Finney County doesn’t think its the only target of this kind of phishing and malware attack.

The big picture: Other agencies have said they experienced similar email targeting before the Kansas attack, Finney County communication specialist Sara McClure told Axios.

The impact: The malware versions that are believed to be launched in this case, Emotet and TrickBot, are designed to pilfer information.

  • “To date there are no indications that any citizen’s personal information was impacted nor any evidence that the malware has spread to other networks,” a DHS official told Axios.
  • This kind of attack could interrupt voting if it were to happen closer to, or on the day of, an election.

The county shut off the networks on July 12 to prevent employee access to internet and email, and began cleaning computers in part to get rid of the malware, whether devices were believed to be infected or not. The networks were back up the next day.

  • Finney County has since increased and enhanced its antivirus package, which originally caught the incident. It now has mandated training on clicking links and attachments in emails, and has increased email security to quarantine attachments that may be unexpected or suspicious.

Details:

  • The email that launched the malware came from what appeared to be a real person, but someone who was outside the Finney network, according to McClure. The county does not know the source of the email and was unable to say who clicked on the link.
  • Kansas' secretary of state’s office called in the Department of Homeland Security to work with the county in its response. A DHS official said there is no evidence the issue had spread.