Computers at Minnesota's Tettegouche State Park were hit with malware

Anyone who used a credit card at the park in late August should be alert.

Tettegouche State Park: A place known for spectacular views of the Lake Superior shoreline, where you can hike through the picturesque forests along the winding river, or go see some of the state's marvelous birds.

It's not a place you'd consider as the possible target of a malware attack. But that's precisely what happened recently.

Malicious software was discovered on state-operated computers at the park on Aug. 25, according to a DNR news release.

Minnesota IT Services (MNIT) wouldn't say exactly how many computers were infected at Tettegouche State Park (which has a gift shop and rents out canoes and snowshoes).

There is no evidence at this point that credit card numbers were taken. Forensic investigators with MNIT will be poring over the machines for weeks to determine exactly what happened, the agency says.

To be extra cautious, the DNR is suggesting anyone who visited Tettegouche from Aug. 22-25 and purchased anything with a card keep an eye on their bank account for weird purchases.

If you see anything, tell the card company. Also be wary of any email purporting to be from the DNR that asks for personal information.

How far did the malware get?

The scope right now seems fairly limited. 

The DNR says there were about 400 credit card transactions during the Aug. 22-25 period, and there's no evidence (at least right now) that the malware spread to other machines at state parks, DNR offices, or any of the other computers on Minnesota's IT network.

That could change though.

Aaron Call, director of information security with MNIT, told GoMN the malware framework they found is "fairly generic" and "can do a wide variety of things."

MNIT – which is in charge of every tech-related need for thousands of state computers and servers – was alerted to the malware around 4 p.m. on Aug. 25, after noticing a park computer reaching out to a command and control site Call said they knew was a "bad address." (It's a way for malware to get direction about what to do next.)

They isolated the machines so the infected computers couldn't communicate or spread the malware. And now it's all about digging into what happened through a full forensics investigation. 

MNIT employees will spend the upcoming weeks going through the computers – starting with those that have the most valuable data, such as credit card processing info – to see what the malware took, tried to take, or may have been attempting to do otherwise. 

It's possible investigators get through it "to find literally nothing was taken because that machine didn’t have the specific thing malware was looking for," Call said.

On the flip side, they could discover some new info down the line that forces investigators to re-evaluate everything up to that point. The scale and sophistication of possible attacks "means it’s hard to know until you do a full investigation," Call said.

Big cyber attacks recently

This is, of course, just the latest cybersecurity issue. There was the enormous Equifax breach, the also-enormous Yahoo hack, the company-crippling WannaCry ransomware that was "knocking on [Minnesota's] door," the lone vigilante hacker that took jabs at state universities ...

MNIT has said it fends off 3 million attempted cyber attacks every day. And forensics investigations take time – Call said the Tettegouche work is about 80 hours of people power each week, with the agency's top investigator dedicated to the task.

This past legislative session MNIT asked lawmakers for significantly more funding to make upgrades, including replacing outdated computers and making sure systems are monitored 24/7.

It's a request MNIT spokesperson Cambray Crozier reiterated Friday, saying this recent malware is "one clear example of how important it is to take this stuff seriously and be proactive."

The final budget bill that was ultimately passed by lawmakers and signed into law didn't include what MNIT wanted, and prompted Gov. Mark Dayton to mention the lack of new cybersecurity money as one of the "extremely disappointing" omissions.
