Computers at Minnesota's Tettegouche State Park were hit with malware

Anyone who used a credit card at the park in late August should be alert.

Tettegouche State Park: A place known for spectacular views of the Lake Superior shoreline, where you can hike through the picturesque forests along the winding river, or go see some of the state's marvelous birds.

It's not a place you'd consider as the possible target of a malware attack. But that's precisely what happened recently.

Malicious software was discovered on state-operated computers at the park on Aug. 25, according to a DNR news release.

Minnesota IT Services (MNIT) wouldn't say exactly how many computers were infected at Tettegouche State Park (which has a gift shop and rents out canoes and snowshoes).

There is no evidence at this point that credit card numbers were taken. Forensic investigators with MNIT will be poring over the machines for weeks to determine exactly what happened, the agency says.

To be extra cautious, the DNR is suggesting anyone who visited Tettegouche from Aug. 22-25 and purchased anything with a card keep an eye on their bank account for weird purchases.

If you see anything, tell the card company. Also be wary of any email purporting to be from the DNR that asks for personal information.

How far did the malware get?

The scope right now seems fairly limited. 

The DNR says there were about 400 credit card transactions during the Aug. 22-25 period, and there's no evidence (at least right now) that the malware spread to other machines at state parks, DNR offices, or any of the other computers on Minnesota's IT network.

That could change though.

Aaron Call, director of information security with MNIT, told GoMN the malware framework they found is "fairly generic" and "can do a wide variety of things."

MNIT – which is in charge of every tech-related need for thousands of state computers and servers – was alerted to the malware around 4 p.m. on Aug. 25, after noticing a park computer reaching out to a command and control site Call said they knew was a "bad address." (It's a way for malware to get direction about what to do next.)

They isolated the machines so the infected computers couldn't communicate or spread the malware. And now it's all about digging into what happened through a full forensics investigation. 

MNIT employees will spend the upcoming weeks going through the computers – starting with those that have the most valuable data, such as credit card processing info – to see what the malware took, tried to take, or may have been attempting to do otherwise. 

It's possible investigators get through it "to find literally nothing was taken because that machine didn’t have the specific thing malware was looking for," Call said.

On the flip side, they could discover some new info down the line that forces investigators to re-evaluate everything up to that point. The scale and sophistication of possible attacks "means it’s hard to know until you do a full investigation," Call said.

Big cyber attacks recently

This is, of course, just the latest cybersecurity issue. There was the enormous Equifax breach, the also-enormous Yahoo hack, the company-crippling WannaCry ransomware that was "knocking on [Minnesota's] door," the lone vigilante hacker that took jabs at state universities ...

MNIT has said it fends off 3 million attempted cyber attacks every day. And forensics investigations take time – Call said the Tettegouche work is about 80 hours of people power each week, with the agency's top investigator dedicated to the task.

This past legislative session MNIT asked lawmakers for significantly more funding to make upgrades, including replacing outdated computers and making sure systems are monitored 24/7.

It's a request MNIT spokesperson Cambray Crozier reiterated Friday, saying this recent malware is "one clear example of how important it is to take this stuff seriously and be proactive."

The final budget bill that was ultimately passed by lawmakers and signed into law didn't include what MNIT wanted, and prompted Gov. Mark Dayton to mention the lack of new cybersecurity money as one of the "extremely disappointing" omissions.
