After the $1,500,000 ransom payment to hackers, to hopefully restore Wood County government’s computer network that was compromised in a recent ransomware attack, Wood County Administrator Carrie Stanley said, as reported in the BG Independent News (BGIN), security of the network will be the “…top priority for 2025…” As the chief administrative officer of the county, Stanley is responsible for overseeing the county’s IT department and network security. Ransomware attacks are not new and are well understood. There are a multitude of IT security consulting firms that offer evaluation and prevention services at affordable costs and there are also many no- or low-cost best practices available that together effectively minimize the threat of such an attack. Stanley went on to say to BGIN that this year Wood County will partner with a consultant to, “…obtain ongoing security evaluations, guidance and recommendations for our systems, and we will be making significant IT investments.”
It seems that until now, under Stanley’s control, the door was left open to hackers, allowing this major disruption to county offices and government services, and, from reporting, that the impact is ongoing and still not fully known. Through Stanley’s own statements from BGIN reporting, it is evident that IT security has not been a top priority and the county has not availed itself of expert IT security consultants, as most similar government entities have. As a result, the county was forced to pay a $1,500,000 ransom that could and should have been avoided.
The $1,500,000 was purportedly paid from the county’s emergency fund. The additional cost of the investigation and overtime payments to county employees is yet unknown.
Just as alarming as the ransomware attack itself is the implication that the payment of the $1,500,000 “fee,” as one official called it, was not significant. As reported by BGIN, linking the attack to county finances, Stanley said, “Despite the recent cybersecurity incident, Wood County finances remain healthy going into 2025.” The statement went on to say that the payment did not affect the county’s 2025 budget. Really? I guess one might take that statement literally: the “budget” was not affected, which on its face might be true. But, the potentially avoidable loss of $1,500,000 of taxpayers’ dollars is very significant and unquestionably has a negative impact on county finances, whether the payment came from an emergency fund or not. Someone needs to be held accountable.
The attack on the county’s computer network deserves a full investigation and disclosure to the public and the commissioners should immediately show Stanley the door… and – this time – close and lock it.
Rod Noble
Bowling Green
