Brattleboro declines to pay ransom after system hacked

Town officials declined to pay hackers after data was stolen from Central Fire Station and “held for ransom.”

On Aug. 22, Assistant Town Manager Patrick Moreland was in a meeting on how to improve connectivity between remote locations in Brattleboro when Fire Chief Mike Bucossi alerted him to a problem with the server.

“People with malicious intent had hacked into our server at Central Fire and had encrypted all of the information on the fire department’s server,” Moreland said. “At that point, there was a little text document that gave the town a ransom note. They would allow the town access to the information if we would pay them a certain sum.”

That figure was about $2,600. Because the request was for four Bitcoin, the amount changes with the value of the digital currency; now, the price tag would be about $2,400. The town was given a telephone number to call, said Moreland. Upon payment, the town would receive access to the data.

What kind of information the hackers had and how important it was had been the focus of a discussion between Moreland and Bucossi. They came to an agreement not to pay the ransom.

“We were not interested in rewarding bad behavior,” said Moreland. “We talked it through at some length whether there was any information that was particularly sensitive or would we just have to be making up for some lost administrative work. We decided we could live without it and we decided to recommend not paying the ransom.”

Because Town Manager Peter Elwell held the same view, the data was lost, although some of it could be recreated. Efforts were made to put the fire department back into normal operation, which took roughly 24 to 48 hours after the encryption. The town notified the Vermont Attorney General’s Office to satisfy statutory requirements and the police department was alerted. Fire department employees also were told about the breach of security.

IT workers told the town no further risk existed in relation to the incident.

“The only data of concern was payroll data and employees’ social security numbers,” Moreland said, referring to information containing hours and salaries. The missing payroll data could be located in other parts of the town’s system. Elwell said the rest of the information included administrative documents and letters.

The town is currently seeking input for its Comprehensive Review of Town Operations, which is expected to be presented publicly next month. Part of the process entails looking at managing networks and technology, and the use of technology. But IT issues were identified before Elwell joined the town administration in January 2015.

“We realized we need to upgrade the security and functionality of the IT systems,” he said. “This summer, we implemented security improvements.”

Upgrades were close to being complete the day the hacking occurred, according to Elwell. Central Fire Station was one location that had not been updated by the time of the incident.

Elwell was in Montpelier for a meeting that day.

Moreland “handled the matter very well, bringing people and resources together to assess the situation,” said Elwell. Brattleboro Fire Alarm Superintendent Joe Newton also worked with Moreland and Bucossi.

It’s hard to tell if the situation would have been different had the several-week process of updating security been finished, said Elwell.

“I can’t say this wouldn’t or couldn’t have happened but we would have been better protected. The IT experts will tell you, there is no barrier you can install that is completely impenetrable. But there certainly are prudent security systems that need to be in place for an organization of our size, handling the information we do in town government.”

