The Valdez Star - Serving Prince William Sound and Copper River Basin


Hacked by cybercriminals: city website downed by ransomware

FBI called in to investigate as municipal workers sharpen pencils, go low tech


August 1, 2018

Electronic data owned by the City of Valdez is infected with ransomware, and day-to-day functions are being conducted the old-fashioned way – with paper and pens.

Officials held an emergency meeting Monday night to inform city council and department heads on the status of the city’s electronic data.

City manager Elke Doom says what started as a few glitches in the system – and the finding of a few viruses – quickly led to a shutdown of the system. The embedded virus was later identified as crypto-ware, which is far more serious than a simple virus. Crypto-viruses encrypt data so it cannot be accessed. Ransomware is a generic term for a type of malware developed by hackers that cripples operating systems; to unlock the data, the owners must pay a ransom.

Doom was quick to assure council members and the public that it is believed that personal information of Valdez residents, such as credit card numbers, has not been compromised.

Doom said the city had not communicated with the data kidnappers and no information was forthcoming on the amount of ransom the city’s data is being held for.

“There was nothing in our system we could have done to prevent this,” Doom said at Monday’s meeting. “These are criminals. They are geniuses and their entire career is built on draining systems for profit.”

Beginning Wednesday, July 25-26, city employees noticed a few issues with the operation of the city’s website. For example, employees were unable to log in to accounts and couldn’t quite get their internet running smoothly. An antivirus scan was run, which detected that a few viruses did in fact exist.

Problems became worse early Friday morning, when the police department noticed an outage of the website. Checking on the reports from the PD confirmed that the antivirus system did not fix the virus issues. Instead, it was learned that the city’s IT infrastructure was the victim of an embedded virus.

As this continued, the city government realized it was in fact a cybercrime and the FBI needed to be notified. At this time, the FBI is continuing to work with the city, but specifics about their investigation are not publicly available as it is an active investigation.

On Friday afternoon, Mayor Pro Tem Douglas Fleming issued a declaration of emergency. This created a mechanism to address items impacting city operations. As one could expect, this list is extensive and includes numerous priorities.

The IT Department responded by immediately shutting down all systems and disconnecting them.

“We were one of many hit by ransomware,” Doom said. “Mat-Su was hit about a week before we were and we both learned lessons from one another about how best to move forward.”

Doom said the IT department is currently in the process of upgrading the current system and fast-tracking many of the changes they think could better prevent attacks such as this in the future.

“This is a cyber-attack,” she said. “We have come together to help the IT department focus on what they need to focus on.”

Phones at city hall are currently working, Doom said, and texting is working for cell phones, but email was still down as of Monday.

Residents will also face a number of difficulties as the city moves forward.

“We will not be back to normal for a while even though we still have a city to run,” Doom said.

The city is currently creating priorities for moving forward. Finance and payroll are at the top of the list. Police and fire operations are still working as expected and 911 services are fully operational. According to Doom, the city is fortunate to still have data. However, it is not certain when the city will be able to drop the data back in place.

“We want all of the community to know, we are doing everything possible to get us working,” she said. “We will reach the community as we come back online. We still have Facebook but problems exist. Bear with us for the changes.”

Items such as water bills should be brought for payment in person. Payment can be made at the front counter with a credit or debit card. Doom asked that residents with bills due to the city bring the account number and amount of the bill if they pay in person, as the city cannot look up accounts and amounts due at this time. Payers will be provided a paper receipt when paying.

Due to the scheduling of city-wide services, Doom also points out that people will not have services shut off during this time. Late fees will also be suspended.

Executive session began immediately after an update was provided, so it is difficult to guess what that may consist of and what outcomes can be expected.

