April 10, May 3 and May 5, 2023 San Bernardino County emails discussing media responses to inquiries about a "network disruption" -- actually a ransomware attack -- suffered by the San Bernardino County Sheriff's Department. Document uploaded by Beau Yarbrough, staff writer for the San Bernardino Sun/Southern California News Group
Original Title
2024-04-10, 2024-05-03, 2024-05-05 San Bernardino County emails
April 10, May 3 and May 5, 2023 San Bernardino County emails discussing media responses to inquiries about a "network disruption" -- actually a ransomware attack -- suffered by the San Bernardino County Sheriff's Department. Document uploaded by Beau Yarbrough, staff writer for the San Bernardino Sun/Southern California News Group
April 10, May 3 and May 5, 2023 San Bernardino County emails discussing media responses to inquiries about a "network disruption" -- actually a ransomware attack -- suffered by the San Bernardino County Sheriff's Department. Document uploaded by Beau Yarbrough, staff writer for the San Bernardino Sun/Southern California News Group
Keichova Kathesing
‘Rogers te, Mier Michael,
Subject: PW: Masia Resporse/Shenf's IT
Date: Wednesday, May 3, 2023 9:41:17 AM
Attachments: imeaoOL.ona_
FYI
rom: Wer, ove 0)
Date: Tuesday, May 2, 2023 at 2:00 PM
To: 0S - All Supervisors iA AMMEEE). 20S Chiefs of Staff
Ce: Hermandez, Leonard - CA0' ASIP RRSEME >, "Wiliams, Pamela"
Subject: Media Response/Sheriff's IT
Board Members,
Brian Rokos with the Southern California News Group last night asked the County if a ransom had
been demanded, ifso, how much, and whether the County intends to pay. He had been referred to
us by Sheriff Dicus.
In response, | wil provide him withthe response be, aaa
This will be the first official confirmation to the news media that this has been a ransomware
incident.
The network disruption within the Sheriff's Department was the result of ransomware that infected
portions of the department's information technology system.
The County had prepared for the possibility of such an incident by securing appropriate insurance
coverage. After negotiating with the responsible party, the insurance carrier and the County agreed
to2 payment to restore the system's full functionality and secure any data involved in the breach
Insurance covers most of the payment. The County's share is $511,852.
The decision whether to render payment was the subject of careful consideration, On balance, and
consistent with how other agencies have handled these types of situations, this was determined to
be the responsible course.
As part of its ongoing criminal investigation, the Sheriff's Department is conducting a forensic
examination to achieve a full understanding of the incident, the findings of which will benefit all
public agencies looking to avoid a similar occurrence.
At no time did this incident compromise public safety or the Sheriff's Department's ability to carryoutits duties, No other systems within the County organization have been affected
Additional information on this matter cannot be disclosed at this time in light of the ongoing criminal
investigation.
Please let me know if you have any questions.
Thankyou,
Davie
David Wert
Pablic iMormation Officer
Sor Berard on cou, Caloris
Pho
0 Fh Floor
Son Fernainn CASDAIE O20
TAN BERNARDINO
COUNTY
ur job fs 10 create @ county in which those who reside and invest can prosper and achiove well-boing.
sonny SB County cov
oOneEoaFrom: oideva, Katherine
To: agers. ete
os Milt. chaeCastansa, Andrea
Subject: FW: Sherif edi Inquies- Cyber tack
Date: enday, Ap 1, 2023 9:34:55 a8)
Attachments; Dacumeatl docs
FY
From: "Hernandez, Leonard - CAO" See eae
Date: Saturday, April 8, 2023 at 9:03 AM
“armendarez, Jesse" EET ISRGEIER-."Heeman, curt"
oc I > 505 ce ost
mn
Ce: "Rundles, Diane - HR" iE >, "Oicus, Shannor
RE "50082, cher I >, "Wiliams, pamela"
a
SS 2. 2c 50) LA, “Corciova, sake”
ee
"Tordesilas, Victor" eR RERAeunton, Tor”
IL
Subject: Sheriff Media Inquiries - Cyber Attack
Board Members,
The special team working with the Sheriff and County have come up with the following talking points and
statements that we plan to use. KTLA is already reaching out to the Sheriff's team. They will take the lead
in responding and we will support them as needed. We are limited in what we can/should say at this
point.
Thank you.
Leonard Hernandez
San Bernardino County
Forwarded message
from: Runde: ane 1
Date: Apr 8, 2023 8:36 AM
Subject: Media Inquiries
Jo: Wert, David (CAO) EE “cuencn-Hurted, Mert:
Good Morning, David and Martha,Please see attached talking points for media. We are already getting inquiries. Please let me know
if you approve. Not sure if Sheriff is reaching out to you with what inquiries we are getting a
request for information from KTLA News
Regards,
Diane M. Ru
u Executive Of
° mz
a (Our job ts to erent a county in which those who reside and invest can
prosper and achieve well-being.EXTERNAL STATEMENT
We understand you may receive inquiries from citizens, other agencies, the media, and other
individuals and outside parties about the recent data incident in our department. In such
instanees, please use the language outlined below:
“On April 7, 2023, the San Bernardino County Sheriff's Department recently became aware of a
network disruption that affected a limited number of our systems. Upon discovering this incident,
the County immediately secured the network and hegan working with our IT staff and third-party
forensic specialists to investigate the incident. The County has referred the incident to partnering
law enforcement agencies, including the Federal Bureau of Investigations and Department of
Homeland Security.
The investigation into this matter is ongoing, and therefore, we will be unable to provide further
details at this time. The incident has not impacted law enforcement operations, and San
Bernardino County Sheriff's Department is readily available to provide services and respond to
calls."
* On April 7, 2023, the San Bernardino County Sheriff’s Department became aware of a
network intrusion that affected a limited number of our systems,
* Cybersecurity is among our top priorities, and we take the privacy and security of our data
seriously,
«The incident has not impacted law enforcement operations, and the San Bemardino County
Sheriff's Department is readily available to provide services and respond to calls.
* The investigation into this matter is ongoing so the County’s ability to comment on specifies
are limited, but the County will update the community when new information becomes
available,‘ec David (CAO)
(BOG Al Sunersnes; BOS Chink of Staff
Hemandestecnand CAO; Willams, Pamela; Guzman-Hutado, Maca
Subject: RE: Media Response/Shesffs IT
Date: Friday, May §, 2023 3:06:59 PH
Attachments: imagsL.pna.
Board Members,
FYE: We have received inquiries on the Sheriffs IT matter from 12 news media organizations today so
far. All have been provided with the agreed-upon statement as well as confirmation that the total
sum paid was $1.1 million. The organizations from whom we have heard are:
ABC News (national), ABC7, NBC4, CBS2/KCAL, FOX11, KTLA, Spectrum 1, The Los Angeles Times,
‘The Mountain News, The Big Bear Grizzly, The Epoch Times, and The San Bernardino County
Sentinel.
Please let me know if you have any questions,
Thank you,
David
From: Wert, David (CAO)
Sent: Thursday, May 04, 2023 6:04 PM
To: 80S All Supervisors
; Williams, Pamela
Board Members,
The Southern California News Group today responded to the statement we provided to them on.
Tuesday regarding the Sheriff's IT matter. They requested the full amount paid as well as the
County's portion, and we disclosed the full$1.1 million figure. Their story will ikely appear online
and be sent out as an email news alert sometime this evening,
Please let me know if you have any questions.
Thank you,
David
From: Wert, David (CAO)
Sent: Tuesday, May 02, 2023 2:00 PM
To: 80S- All Supervisc's ANAM £05 chiets of staffCe: Hernandez, Leonard - CAO ESSER: wiliars, Pamela
Subject: Media Response/Sheriff's IT
Board Members,
Brian Rokos with the Southern California News Group last night asked the County ifa ransom had.
been demanded, ifso, how much, and whether the County intends to pay. He had been referred to
us by Sheriff Dicus
In response, I ill provide him with the response bel, aaa
This will be the first official confirmation to the news media that this has been a ransomware
incident.
The network disruption within the Sheriff's Department was the result of ransomware that infected
portions of the department's information technology system.
‘The County had prepared for the possibility of such an incident by securing appropriate insurance
coverage. After negotiating with the responsible party, the insurance carrier and the County agreed
toa payment to restore the system's full functionality and secure any data involved in the breach.
Insurance covers most of the payment. The County's share is $511,852.
‘The decision whether to render payment was the subject of careful consideration. On balance, and
consistent with haw other agencies have handled these types of situations, this was determined to
be the responsible course,
‘As part of its ongoing criminal investigation, the Sherif’s Department is conducting a forensic
examination to achieve a full understanding of the incident, the findings of which will benefit all
public agencies looking to avoid a similar occurrence.
At no time did this incident compromise public safety or the Sheriff's Department's ability to carry
cout its duties. No other systems within the County organization have been affected
Additional information on this matter cannot be disclosed at this time in light of the ongoing criminal
investigation.
Please let me know if you have any questions.
Thank you,
DavidDavid Were
Public Information Officer
Sen Bemrdine County, Caos
Prone
SBN Ben Foe
Sen Boridine CAS2AIS0129
SAN BERNARDINO
COUNTY
(Our job is to create a county in whieh those who resicle and invest can prosper and achieve well-being.