[BreachExchange] Muscatine coming back online after cyber attack left them in the dark
Destry Winant
destry at riskbasedsecurity.com
Fri Nov 16 10:28:14 EST 2018
https://www.ourquadcities.com/news/muscatine-coming-back-online-after-cyber-attack-left-them-in-the-dark/1600554261
Muscatine, Iowa - Going analog with pen and paper in the city of Muscatine.
It's what city employees had to deal with during the past month after
a cyber attack crippled their servers.
Ransomware was found in several servers in city hall and one that is
used by MUSCOM, the dispatch center.
It was launched early morning Oct. 17.
To address the threat, the I.T. Department had to cut the connection
to the internet, which kept city employees from logging in.
While most can log back onto computers no, the threat is not over.
Ransomware is the fifth most common form of cyber incidents. That's
according to the 2018 Data Breach Investigations Report published by
Verizon.
While it said ransomware is a particularly problem-some issue for the
healthcare industry, no one is immune.
>From personal computers to governments, the attack locks people out.
Muscatine Communications Manager Kevin Jenison said, "Kind of an easy
target just because of the number of people involved."
Slowly coming back from the darkness.
Jenison said, "They had to write stuff down, keep a log that way."
Facing weeks with little use for a mouse, city employees are finding
themselves connecting back to the network.
"Most of the systems are back up and working," said Jenison.
"Especially here at city hall."
But just a few blocks away, the connection is still waiting for a
complete reboot.
Jenison said, "The one we're having the most problem with is the new
library. That's a new system."
Kevin Jenison, communications manager for the city, said while
employees have regained access to their computers, the one for the
public remains shuttered.
It's meant long hours for the city's I.T. Department.
Jenison said, "24/7 type thing since the attack occurred."
Ransomware attacks lock up a network and then demand payment to regain access.
But the city decided not to fork over the case; instead, going through
the impacted servers to hunt down the threat.
While I.T. completes efforts to isolate and eliminate, Jenison said
they're benefiting from forethought.
Jenison said, "Bought the insurance several years ago, not ever
expecting that we would need to use it."
Their insurer is providing additional resources, which is helping to
move the recovery process along but that's not expected to be complete
until near the first of the year.
Jenison said, "A lot of systems and workstations that need to be
checked and double-checked."
The next step then is what else the city can do to save themselves the
pain of another attack.
Jenison said, "These hackers are very smart, and they're getting
better all the time."
Jenison told Local Four News, one thing the city is fairly confident
there was no data breach.
"That's also part of the investigation. From what I've been told from
the early reports is that we didn't lose any data as everything is
protected and of course, we don't store credit card information or
anything like that," he said.
The city is working with the FBI to investigate the attack.
More information about the BreachExchange
mailing list