Ransomware — a malicious software, or “malware,” attack designed to block access to a computer or computer system’s files — was sent to city staff as an email attachment that looked like an invoice, Schwabauer said.
After a staff member clicked on the attachment, the malware spread through the city’s network of computers. It encrypted critical files, knocking several key phone lines out of service, including the non-emergency number for the Lodi Police Department, the emergency outage line for Public Works, and the main numbers for City Hall and the finance division.
Hackers demanded the city pay a Bitcoin ransom in exchange for the encryption keys — similar to passwords — that would release the servers.
Bitcoin, an unregulated form of virtual currency, has become the most popular method for demanding ransom because transactions are anonymous. That prevents extortionists from being tracked.
“The ransom demanded 75 Bitcoins (approximately $400,000 at the time of the inquiry) be paid to restore our systems. We did not pay the ransom. Instead, we rebuilt our systems from our back-ups,” Schwabauer said.
Following the attack, the city hired security experts and a legal team to conduct a series of forensic audits. Technicians who investigated the city’s computer systems were able to trace information included in the malware’s code, and concluded that public information was not compromised as a result of the ransomware attack.
“We did not come forward with this information because we were following the advice of legal counsel. To say anything more would be a violation of attorney-client privilege,” Schwabauer said.
The problem was first discovered by city staff on April 1, and it was believed to have been corrected a month later. However, the problem returned and affected the Lodi Police Department’s software network in May, which interrupted their phone lines.
While ransomware attacks have been occurring around the world since 2005, innovations in the past several years have allowed hackers to become more deliberate and sophisticated in their attacks.
In recent years, malware distributors have targeted cities, police departments, school districts and hospitals. In their attempts to ransom large databases of personal and financial information, they have been known to incapacitate fax machines, phone lines and electrical grids.
“I have to say from my perspective, ransomware attacks were not high on my radar as city manager because there were only a few cities that this had affected, but our IT staff had their eye on it,” Schwabauer said.
Although city officials did not anticipate the attack, once they were hit, they came to realize how sophisticated the malware was.
“The virus goes looking for vulnerabilities. It looks for elements of data that are valuable to you,” Schwabauer said. “It attacked our phone systems, our payment data and our financial systems.”
Most of the city’s workstations were not affected during the attack, he said, and most of the systems affected by the malware were rebuilt quickly.
Following the attack, the city met with Assemblyman Jim Cooper, D-Elk Grove, for their annual budget meeting and requested funds to better secure the city’s computer systems.
Cooper, who serves as the commander of the Sacramento Valley Hi-Tech Crimes Task Force, requested $500,000 for the city’s upgrades. He has also advocated for more stringent cybersecurity regulations and better protection of constituents’ personal data.
The City of Lodi has cybersecurity insurance with a capped deductible of $50,000, Schwabauer said. City staff are actively pursuing a claim on the city’s behalf, he said.
He could not confirm the cost of correcting the ransomware issues or how many hours staff have had to work to repair and rebuild city systems.
©2019 the Lodi News-Sentinel (Lodi, Calif.). Distributed by Tribune Content Agency, LLC.