The Valdez Star - Serving Prince William Sound and Copper River Basin

By LEE REVIS
Valdez Star 

Cyberattack that held city's info for ransom in final recovery phase

Out-of-state firm negotiated terms and price for release of city's data

 

November 14, 2018



City officials said the city is in the final phases of recovering its information technology infrastructure, which was held for ransom by cyber-criminals after a late July attack.

The unnamed attackers demanded four Bitcoin (a type of cyber currency with a dollar value of $26,623.97) to unlock the city's data.

According to the FBI, cyber-based criminal organizations commonly ask for relatively small amounts of ransom when kidnapping information. The agency does not recommend paying ransom to retrieve stolen information.

At the time of the attack, Elke Doom, the city manager, told the Valdez City Council that city officials had not been in contact with the kidnappers. However, the city did hire an unnamed security firm in Virginia that specializes in cyber-incident response and digital forensics to negotiate the terms of release for the city's data, according to a press release issued Tuesday by the city's public information office.

"The firm anonymously contacted the attackers on the City's behalf to investigate and possibly negotiate ransom terms," Police Chief Bart Hinkle said in the city's press release.

The city said it expects recovery efforts to be complete by the end of the year, but the data "...remain in quarantine until the data is carefully 'scrubbed' and verified virus-free."

The ransomware was discovered to have infected the city's IT infrastructure on July 27, forcing much of the city's daily business to be conducted without the use of computers. The city maintains that its phone network and banking information were not breached during the attack.

"To date, there is no evidence to suggest any information was taken during the cyber-attack," the city said.


"Our progress reintroducing old data from quarantine is deliberately slow and methodical to prevent reinfection of our network," said Matt Osburn, information technology director for the city. "At the same time, we have fast-tracked the timeline for a significant IT system rebuild planned for 2019 to replace the system taken offline by the attack. Using lessons learned from this incident, the new system will meet or exceed current industry standards, with more robust security protections and additional efficiencies to better serve our citizens."

The city says 27 servers and 170 computers were infected by the ransomware virus.

"The city carries specific cyber-crimes insurance which covers costs directly related to the ransomware attack, including the ransom amount, negotiation fees, costs for forensic work and privacy counsel, and replacement of equipment directly affected by the attack," the city said.

Once armed with the decryption tool, the city's IT personnel successfully decrypted what was described as "...all City data infected by the ransomware."

At the time of the attack, the city had already been in the early stages of an upgrade to its IT system planned for 2019.

 
