Doxpop - Tools for Attorneys and Public Information Researchers: Doxpop services are unaffected by the recent county cyber attacks and widespread outages.

Friday, July 19, 2024

Doxpop services are unaffected by the recent county cyber attacks and widespread outages.

It has been a hard couple of weeks for the information technology world, so we decided to take a moment and reassure you that Doxpop has been unaffected by the various cyber security issues plaguing the rest of the world.

Recently, both Monroe and Clay Counties became victims of ransomware cyber attacks that crippled county IT systems for roughly a week in both cases. Doxpop provides access to court records from both counties, and recorded documents in Monroe County. 

During both of these local outages, Doxpop's services and the integrity of the data we glean from the county systems were unaffected. This is one of the advantages of having a "mirrored" database of records, because in both situations, Doxpop was able to provide online access to records that the counties were temporarily unable to provide locally.

Today, (Friday, 7/19) many organizations using Microsoft's Azure and 365 services experienced outages. While we don't know all of the details, at this point it appears that a flawed update from the CrowdStrike cyber security firm was the root cause. 

Fortunately, Doxpop does not depend on Windows or CrowdStrike services, so we have been completely unaffected.

The CrowdStrike issue may lead to disruptions elsewhere that affect our users, as CrowdStrike provides security services for the Indiana Office of Technology, and through an IOT program, is also used in many counties. It's reasonable to expect all of this to be cleared up by the end of the day, but it's also a good day to exercise patience and understanding if someone you interact with in local government is affected.

Edit/Update at 4:30 PM on 7/19:

Above, I predicted that surely this will all be cleared up by the end of the day... Way too optimistic!

Now we know more about the nature of the problem. It was caused by the automatic download of an update to the CrowdStrike system. My optimistic prediction was based on the notion that a patch could be deployed automatically in the same manner. -Unfortunately, this is not true. The problem renders the computer unable to boot, so of course it never gets far enough for an automated download of a patch to be applied remotely. That means most organizations will have to send a technician on-site to every affected computer, boot it into "safe" mode, delete the damaging file, then reboot in normal mode to download the patch.

That means many IT support firms that have been able to provide remote support in the past are suddenly having to dispatch people to travel to every site they support. It will be a long weekend for these folks, and it seems likely that many sites will still be dealing with this next week.

The bottom line still holds though: Doxpop is unaffected. ...And if you're reading this message your computer must be working as well (congratulations!) Have a calm weekend, and don't take any downloads from strangers.


No comments: