[ad_1]
ST. PAUL, Minn. (FOX 9) – For the second day, a steady stream of St. Paul employees streamed in and out of Roy Wilkins Auditorium, which had been quickly converted to a password reset center.
Eighty laptops were set up in two rows, accommodating the same number of people every 30 minutes.
Out of 3,500 employees, by late Monday they’d had more than 2,000 pass through. A single clearinghouse to get it done in the most secure and efficient way possible.
“So the recommendation from all the cybersecurity experts is this physical in-person reset is the most secure option to take,” said Mary Gleigh-Matthews, the city’s Deputy Chief Information Officer.
Hackers share stolen data
St. Paul ransomware attack: Latest info
A group that operates on the dark web accessed and published more than 46 gigabytes of city worker data in a ransomware attack that began in the city’s parks and recreation department, according to the latest developments provided by St. Paul Mayor Melvin Carter.
What we know:
The city detected the hacker breach on July 25 and immediately took steps to protect themselves from further damage, shutting off systems and backing up all their data.
The FBI, Homeland Security and the Minnesota National Guard are all working with the city to scour the systems to bring them back online.
The city confirmed over the weekend that it was a ransomware attack, and said they did not and will not pay the ransom.
On Monday, Mayor Melvin Carter said 43 gigabytes of data from a city Parks and Recreation shared server had been posted online, after the city did not pay a ransom.
But, Carter said, the data released was not critical.
“These are not core city systems like payroll, permitting or licensing,” Carter said.
“The contents are varied and unsystematic. They could include everything from work documents, copies of IDs submitted for HR or travel, or even personal items like recipes.”
But, he said, there’s no guarantee at this point they didn’t steal more data than what they have shared so far.
‘Operation Secure St. Paul’
What’s happening now:
On Sunday, city employees began showing up at Roy Wilkins Auditorium for scheduled password-reset appointments.
In 30 minute increments, 80 employees at a time are given temporary passwords, then guided through the process of setting up a new one.
Rather than let employees do this on their on, wherever they are, the central-location to do this was advised by cyber security experts the city has hired, partially to add another layer to the security of recovery.
“We want to be extremely careful,” explained Mary Gleich-Matthews, the city’s Deputy Chief Information Officer.
“So we’re verifying the identity of our employees to make sure they are who they say they are, and then we just really wanted to have that physical kind of moment to make sure that their devices were safe, that they understood what was going on, how we were protecting them.”
If employees also have a take-home device such as a laptop, that is a second step to making sure they have the updated cybersecurity software installed.
The goal is to get everyone, outside of those on vacation or on leave, to be updated by the end of the day Tuesday. And they’re moving very fast.
“We’re not going to go faster than it is safe,” said Gleich-Matthews, “but I can say that we are making excellent progress compared to a lot of there folks that have had an experience like this.”
Timeline unclear
What’s next:
It’s still unclear when the city’s systems will be fully back online. Some systems, those which use cloud-based servers, were never affected and have continued to function.
But others, such as payroll or licensing, have had to revert to old-fashioned human processing.
Carter said advanced security software has now been installed on more than 90% of city devices and that they’ve spent the past two weeks pouring through every server and application.
“This work will continue until we complete secured upgrades on every device and account, reviewed every system and strengthened every public policy needed to protect our people and the services they deliver,” Carter said.
Every city employee is offered 12 months of credit monitoring and identity theft insurance.
[ad_2]
