A representative of the City of Cartersville announced that the municipal government was the victim of a ransomware attack over the weekend.
“While the City is operational, there are potentially some areas that have been impacted,” stated City Communications and Public Relations Manager Rebecca Bohlander in a press release. “The City is working with authorities as well as a third party consultant to remedy any issues as quickly as possible.”
The City, however, is remaining mum on the details of the cyberattack. When asked by The Daily Tribune News, Bohlander said she could not give any specifics — such as the date of the attack itself, which departments are impacted and how much money is being demanded from the attackers — on the ransomware incident.
“They’re still trying to get to the bottom of it, and there’s still other stuff that can’t be discussed at this time,” she said.
Cartersville is far from the only municipality to fall prey to such acts of cybercrime. Last March, a ransomware attack on the City of Atlanta crippled several municipal services and resulted in the loss and/or destruction of years of data. Ultimately, the $51,000 ransomware attack ended up costing the City at least $2.7 million in associated expenses — with some reports suggesting the true cost of repairs may indeed be upward of $10 million.
Ransomware is essentially a form of hacking in which malicious actors install software on a victim's systems that either locks users out of those systems or encrypts their files, making them inaccessible until a payment of some form is made.
Documents, spreadsheets, pictures — all of them could be affected by ransomware, said Nathan J. Underwood, owner of Cartersville’s Cyber Tech Cafe and an information security specialist certified as an “ethical hacker” by the EC-Council.
“Without a decryption key, it’s unusable,” he said. “Think of it as a password protecting a file and then holding the password for ransom. That’s literally what’s happening.”
Last year, The Daily Tribune News spoke with Cartersville Assistant City Manager Dan Porta about the preventative measures the municipal government was taking against such cybersecurity breaches.
“We have servers that could contain data, obviously, we have detailed customer information, but we have safeguards in place already,” he said. “For instance, if you come in and make an application for City services, you have to provide, for example, a Social Security number or credit card information … that information is encrypted already, and once it’s entered into the system, you can only see, maybe, the last four digits.”
City representatives have not publicized whether or not City utility customer information has been compromised in the attack — or whether sensitive data about Cartersville residents has been breached.
There is no way to estimate a ballpark figure for how much the attack may ultimately cost the local government, Underwood said.
“The recommended action is quite literally nuke it from orbit,” he said. “Unless you can get solid attribution on how the attacker got in and what they did once they got in, there’s not a way for you to have real confidence in the system after that.”
And if that is the case with this weekend's attack, he said the City would more than likely have to scrub its entire system and start from scratch.
Underwood said the most likely source of the ransomware would be a phishing attack — i.e., someone within the City of Cartersville opening up a link, which launches the malware, in an email sent from someone pretending to be someone they are not.
“We don’t have enough information to speak intelligently on that yet,” he said. “But we have seen some cases where it’s a little bit more nefarious, when the ransomware is actually a forensic countermeasure, where an attacker has gained access to data and they’ve been able to exfiltrate the data and they saw that whoever their target was may have been on to them.”