Details scarce on weekend cybersecurity breach

A representative of the City of Cartersville announced that the municipal government was the victim of a ransomware attack over the weekend.

“While the City is operational, there are potentially some areas that have been impacted,” stated City Communications and Public Relations Manager Rebecca Bohlander in a press release. “The City is working with authorities as well as a third party consultant to remedy any issues as quickly as possible.”

The City, however, is remaining mum on the details of the cyberattack. When asked by The Daily Tribune News, Bohlander said she could not give any specifics — such as the date of the attack itself, which departments are impacted and how much money is being demanded from the attackers — on the ransomware incident.

“They’re still trying to get to the bottom of it, and there’s still other stuff that can’t be discussed at this time,” she said. 

Cartersville is far from the only municipality to fall prey to such acts of cybercrime. Last March, a ransomware attack on the City of Atlanta crippled several municipal services and resulted in the loss and/or destruction of years of data. Ultimately, the $51,000 ransomware attack ended up costing the City at least $2.7 million in associated expenses — with some reports suggesting the true cost of repairs may indeed be upward of $10 million.

Ransomware is essentially a form of hacking in which malicious actors install software on hardware that either locks users out of their systems or encrypts their files, making them inaccessible, until a payment of some form is made.

Documents, spreadsheets, pictures — all of them could be affected by ransomware, said Nathan J. Underwood, owner of Cartersville’s Cyber Tech Cafe and an information security specialist certified as an “ethical hacker” by the EC-Council.

“Without a decryption key, it’s unusable,” he said. “Think of it as a password protecting a file and then holding the password for ransom. That’s literally what’s happening.”

Last year, The Daily Tribune News spoke with Cartersville Assistant City Manager Dan Porta about the preventative measures the municipal government was taking against such cybersecurity breaches.

“We have servers that could contain data, obviously, we have detailed customer information, but we have safeguards in place already,” he said. “For instance, if you come in and make an application for City services, you have to provide, for example, a Social Security number or credit card information … that information is encrypted already, and once it’s entered into the system, you can only see, maybe, the last four digits.”

City representatives have not publicized whether or not City utility customer information has been compromised in the attack — or whether sensitive data about Cartersville residents has been breached.

There is no way to estimate a ballpark figure for how much the attack may ultimately cost the local government, Underwood said. 

“The recommended action is quite literally nuke it from orbit,” he said. “Unless you can get solid attribution on how the attacker got in and what they did once they got in, there’s not a way for you to have real confidence in the system after that.”

And if that is the case with this weekend's attack, he said the City would more than likely have to scrub its entire system and start from scratch.

Underwood said the most likely source of the ransomware would be a phishing attack — i.e., someone within the City of Cartersville opening up a link, which launches the malware, in an email sent from someone pretending to be someone they are not. 

“We don’t have enough information to speak intelligently on that yet,” he said. “But we have seen some cases where it’s a little bit more nefarious, when the ransomware is actually a forensic countermeasure, where an attacker has gained access to data and they’ve been able to exfiltrate the data and they saw that whoever their target was may have been on to them.”

Speaking with The Daily Tribune News last year, Porta ran down the official City protocol for a ransomware scenario.

“Our policy, obviously, we’d shut down the servers,” he said. “We routinely back up our information, so we could technically go back to an earlier date and refresh the data and lose, maybe, some current information. It would just be a matter of, first of all, what they hacked and to what extent.”

According to Bohlander, however, the City’s customer service lines remain open and can receive payments — albeit, with the online bill pay option unavailable for the time being.

“Customers will either need to mail their payments or come to the customer service office at City Hall,” Bohlander stated. “We apologize for any inconvenience this may cause our citizens.”

The extent of the damage, Underwood said, hinges on how proactive the municipal government’s cybersecurity measures have been in the lead-up to the attack.

“I have to imagine that the folks there are doing an outstanding job of managing this, they’ve probably dotted the i’s and crossed their t’s already,” he said. “If you’re vigilant about doing good backups and doing enough backups … if you have good backups, there’s absolutely no need for you to pay the ransom.”