[BreachExchange] Plymouth officials work to get system back online after cyber attack

Destry Winant destry at riskbasedsecurity.com
Mon Mar 11 10:08:20 EDT 2019


A ransomware cyber-attack that hit the town Wednesday has resulted in
municipal and police computer servers being shut down and data being
encrypted. Plymouth town officials are working to get the system back
online, but could not say Thursday whether a criminal investigation
was underway.

Jeff Ziplow, a cyber-security risk assessor with Blum Shapiro working
with the town to solve the issue, said that municipal and police
computer servers were infected with “decrypt.txt” ransomware, which
came through email. The ransomware has encrypted town files and made
them inaccessible. Municipal and police severs were shut down to
prevent the malware from spreading further.

“We are currently in the process of determining which variant of this
particular ransomware we are dealing with,” said Ziplow. “It has had a
dramatic impact on a number of servers in the police department and
municipal servers. We will be working with the IT director and going
through each server to determine if they are infected and the best way
to clean them. Depending on the variant we are dealing with, there may
be tools out there to get rid of it. Or, we may have to restore the
servers to a previous backup point.”

Ziplow said that Plymouth’s town computers run on Microsoft Office 360
and they may be implementing a two-factor authentication system for
better protection in the future.

Ziplow explained that the ransomware has generated a text file with
instructions for how the town could visit certain websites and the
steps the town would need to take to pay a ransom in “bitcoin,” an
untraceable online currency, to regain access to their files. However,
the town does not intend to pay the ransom.

“This is happening to many municipalities in Connecticut,” said
Ziplow. “Plymouth is not the first. We are trying to figure out how it
came in so we can be better protected in the future.”

Sergeant John D’Aniello of the Plymouth Police Department said that
police still have access to their radios but they are now hand-writing
all of their reports or using typewriters.

“The police department is still in operation but we have no electronic
capabilities,” said D’Aniello.

Ann Marie Rheault, Plymouth Finance Director, said that the town would
also be notifying the various contractors or members of boards that
they have been emailing.

More information about the BreachExchange mailing list