12 hours ago
In wake of Good Friday cyberattack, city of Abilene replacing all desktops, laptops
The city of Abilene is still in recovery mode after a cyberattack from foreign hackers was discovered over six weeks ago, city officials said in a statement Monday. Recovery efforts mean replacing the city's network infrastructure including all desktops and laptops.
Hackers encrypted and deleted city data in the ransomware attack, demanding the city ante up to get its information back, according to the statement. The city has no intention of paying a ransom.
On April 18, city officials detected that city servers were unresponsive and began investigating the outage, city officials said in the statement.
After the city's information technology department determined a foreign actor had compromised the city computer systems, the full network was shut down around 7 a.m. April 18 to prevent any further intrusion or data loss, the statement said.
'They encrypted data and deleted data off our servers," Troy Swanson, IT director, said.
Swanson said the hacking group compromised the city's network and accessed administrative credentials. They also attempted to uninstall antivirus software and remove other protective measures.
The city was given a deadline of May 27 to pay a ransom to restore the stolen data, an estimated 477 gigabytes.
According to the statement, 477 gigabytes is equivalent to around 238.5 million pages of PDFs or 48 hours of 4K streaming on Netflix.
A article noted that Russia-based ransomware group Qilin claimed responsibility for the cyberattack, the Abilene Reporter-News reported May 20.
Qilin 'runs a ransomware-as-a-service business in which affiliates pay to use Qilin's malware to launch attacks and collect ransoms,' the May 19 Comparitech article said.
In city officials' statement Monday, they stated communication was made with the suspect hacking group claiming responsibility to understand the nature of the information taken.
The city statement did not name Qilin.
City officials determined they will not aid or abet the perpetrators otherwise and will not pay the ransom, the statement said.
The city statement on Monday did not state the dollar amount of the ransomware the hackers sought.
More: The city of Abilene says it will not pay ransom to cyberattackers
'I was involved in the acquisition of our cyber insurance because of my role in overseeing risk management,' Mike Perry, director of the city's office of professional standards, said. 'Fortunately for us, we increased our insurance coverage last year.'
Perry has assisted in the investigation with his background in law enforcement and in his role as a city administrator to work with the cybersecurity team hired by the city's insurance company to mitigate damage and help with recovery efforts, the statement said.
When threat actors attack a network, Perry said they encrypt data so it's hidden from the entity it belongs to. Then perpetrators ask for a ransom to unencrypt and recover the data.
While the data may be valuable, 'we're also not going to bow down to a criminal organization' as there is no guarantee the data will be recovered or not sold on the "Dark Web," said Perry, who was an Abilene assistant chief of police for 12 years.
As of May 28, there have been no indications Abilene's information has been misused or residents' information has been used or released, Perry said.
He said the amount of data taken appears to be relatively small compared to the city's total storage capacity.
'We're currently in this pattern of waiting to see if and when they're going to publish the data,' Perry said. 'There's not a lot more dialogue to be had because we've told them we're not going to pay the ransom.'
The investigation is ongoing and the exact information taken by the hackers is unclear, Perry said.
City employees and Abilene residents are asked to actively monitor their credit card and other accounts for data breaches and to report anything suspicious, the statement said.
As network functionality is restored, the city will release periodic updates until all functions and points of access are fully operational, the city statement said.
Information will be released by the city as needed and with limits to ensure the ongoing investigation is not compromised, the city statement said.
Swanson said staff are in the process of replacing all network infrastructure, including servers, storage, phones, desktops and laptops. They were able to restore core services quickly after the attack.
"By doing so, we will create a new cyber secure environment that we can assure is set up for the future and not able to be compromised," he said.
The main push has been to supply city employees with desktops and laptops so they can perform their functions, Swanson said. There have been interim measures taken so employees can perform work, he said.
While there still will be hurdles to overcome, residents and employees should expect the majority of day-to-day functionality to be restored soon, he said.
The city hopes to be fully functioning in a few months, Swanson said.
Citing the cyber attack discovered April 18, the city of Abilene filed a catastrophe notice and then an extension to enable it to temporarily suspend the requirement to provide public information under state law, according to a Texas Attorney General's Office database.
In total, local officials tapped into a state measure allowing the city to forego responding to citizens' open records requests from April 22 through May 5, according to an April 29 report from ARN.
Cyberattacks are an ongoing threat in the digital landscape and have become a new type of emergency which organizations must endure, Swanson said.
Cities and municipalities recently affected by cyberattacks include the Texas cities of Mission, Richardson and Killeen, city officials said.
Other cities targeted by cyber attacks include Baltimore, Maryland; Cleveland, Ohio; White Lake Township, Michigan; Arkansas City, Kansas; and El Cerrito, California, city officials said.
Early or on Election Day: What to know about voting in Abilene City Council runoff race
Development Corporation of Abilene seeks approval for $3.5 million Project Surf incentive
This article originally appeared on Abilene Reporter-News: City of Abilene in full network shutdown after cyber attack, ransom demand
