On April 10, 2019 city officials announced that the City of Greenville had been hit by a ransomware attack.
The attack was first noticed by a police department employee who subsequently notified IT. The city’s IT staff made the decision to shutdown all affected computers to prevent the spread of the virus.
Members of the National Guard, Strike Team, State IT, and State Emergency Management are assisting with the recovery efforts. Also included in the investigation are agents from the Federal Bureau of Investigation (FBI). Local governments often include the FBI during cyber security incidents such as this.
During the investigation it was discovered that the malware used was a strain of RobbinHood ransomware. This is a particularly nasty strain of malware responsible for numerous ransomware attacks.
On April 16, 2019 city spokesman Brock Letchworth said that computers were still offline. As of this time there is no timeline for when they will be fully operational.
Letchworth says, “Technology does not run the city. It makes things easier of course, but the people run the city, and we’re just finding different ways to go about doing our job.”
City officials made the decision early on in the investigation not to pay the ransom. City officials decline to specify the ransom amount. They also went on to say there are no plans to pay the ransom.
Recovery Efforts Continue…
More than 2 weeks after the initial attack, life has started getting back to normal for city employees. The city’s website and email were operational again though the restoration is still in progress.
It is estimated that 800 systems were encrypted by the hackers. However, the city reiterated throughout the ordeal that emergency services such as police, fire, and medical were still operating normally.
Other services posed minor inconveniences to citizens. Services accessed through the city’s site, such as paying traffic tickets, were unavailable.
“We were just doing it a little bit differently,” says city spokesman Letchworth. City officials file some reports manually rather than electronically during the outage.
City officials are declining to disclose further information regarding the attack. At this time all further details are part of an ongoing FBI investigation.
Despite the Greenville ransomware attack, life is slowly getting back to normal for its citizens.
A Slow Return to Normal
Unfortunately it just takes time to restore systems. When deciding not to pay the ransom, you have to know you will be out of commission for a while. The City of Greenville however, worked around the clock to get their systems back online.
City officials announced on April 23, 2019 that all of the city’s services are fully operational. Despite this, many systems remain infected with the virus.
As with most ransomware, this variant likely spread through an email attachment in a phishing campaign. Hackers are targeting municipalities with increasing frequency as of late. Cities are likely to want to return to an operational state quickly and are more likely to pay the ransom.
The City fo Greenville was hit with a ransomware attack. Attacks like this highlight the importance of cybersecurity training. It is essential to educate employees on the dangers of malicious emails. All it takes is for one careless employee to download a malicious attachment. Cyber security takes all of us.