West Haven falls victim to ‘ransomware’ cyberattack, pays $2,000 in Bitcoin to regain access to servers
City computers were down since Tuesday, Oct. 16, and West Haven paid anonymous perpetrators of a cyberattack $2,000 to unlock 23 servers and restore access to data, officials said Thursday.
The ransomware attack, which initially took place early Tuesday morning, disabled 23 on-site servers — although it did not affect off-site backup servers. It was contained by 5:30 p.m. Wednesday, officials said in a written statement.
But all City Hall computers initially remained shut down Thursday as a protective and preventative measure, and employees were warned with hand-drawn signs in the workplace not to turn them on.
They were “coming back up” incrementally Thursday afternoon, officials said.
Finance Department staff have been working on Board of Education computers, which were not affected by the cyberattack, to prepare the city’s payroll, Mayor Nancy Rossi said. Payday is Friday. Rossi said she expects city employees to get paid as they always do.
The city’s information technology manager, David Richards, notified Rossi, local police and federal authorities, the statement said.
It was Richards’ decision to shut down all city computers rather than worry about problems continuing to spread from computer to computer while the city fixed the issue, said Corporation Counsel Lee Tiernan.
MS-ISAC, a division of the U.S. Department of Homeland Security, assisted the West Haven Police Department in the investigation and determined the attack came from outside the U.S. The city has support from IT experts from the Connecticut State Police and other state agencies.
Rossi, Richards and police IT experts “determined the best course of action, given all available information, was to pay a one-time fee of $2,000 to unlock the servers,” the city said in the statement.
The city paid the ransom in Bitcoin digital “cryptocurrency,” said Tiernan.
The data restoration of a critical system occurred shortly after the completion of that transaction, the statement said.
Despite access being blocked, “there was no evidence that anything was being compromised,” Tiernan said.
While city officials initially did not want to pay, research showed that that was likely the easiest way to solve the problem, he said.
“Atlanta didn’t pay” when it was attacked, Tiernan said. “They wanted $57,000.” But “$3 million later, they’re still trying to clean it up.”
A source said the cyber threat initially entered the city’s computer system through a computer in the Assessor’s Office.
The city hired an incident response team from TBNG Consulting in Milford to evaluate the current impact and assist in continuing remediation and restoration of City Hall computing systems, the statement said.
“The response will be done methodically to reduce any future potential compromise,” it said. “At this moment, there is no reason to believe that any data was stolen as a result of the attack, according to federal and local authorities.
“The attack remains under investigation by federal, state and local authorities, with local response being provided by TBNG Consulting, the statement said.
Corrective measures are being explored to shore up city cyberdefenses and safeguard the city from future attacks, “and will be implemented by my administration,” Ross said in the statement.
Rossi said she contacted state Office of Policy and Management Secretary Benjamin Barnes, who is chairman of the Municipal Accountability Review Board that is working with the city to improve its finances, “because, given that they’re involved with us, they should know.”
“I can’t believe that ... of all the communities” in America, “they’ve got to pick West Haven,” Rossi said referring to West Haven’s troubled finances.
University of New Haven cyber security expert Ibrahim “Abe” Baggili said the fact that access to the city’s servers has been restored doesn’t in itself mean West Haven’s problems are over.
“They really have to find out how effective their systems are,” said Baggili, Elder family chairman and assistant dean of the computer science program at University of New Haven.
Globally, cybercrime is big businesses, with damage costs expected to hit $6 trillion by 2021, Baggili said, quoting research from Cybersecurity Ventures.
“It’s expected that by 2019, a business will fall victim to a ransomware attack every 14 seconds,” he said, quoting another report from Cybersecurity Ventures. But “for me, I think one of the biggest problems is how understaffed cyber security jobs are in the state of Connecticut,” Baggili said.
About 4,000 cyber security jobs were expected to open up over the last year in Connecticut, “but in the last year, only 500 people entered the (cyber security) job market in Connecticut.”
And right now, “the top-notch kids are not staying in Connecticut. They’re going to other states,” he said.
“Unless the state really dedicates” resources to address the issue, “it’s just going to get worse,” Baggili said. “If it’s not West Haven, it’s going to be another city, and then it’s going to be another city.”