Most St. Helena city services restored after cyberattack | #ransomware | #cybercrime

ST. HELENA — Most city services have been restored as St. Helena recovers from a cyberattack that targeted city computers and forced the closure of the St. Helena Public Library on Monday.

A text file left on the city’s server confirmed that Monday’s incident was a ransomware attack, program manager Andrew Bradley said. Ransomware hackers typically encrypt data and threaten to withhold or leak it unless they are paid.

The public computers at the St. Helena Public Library were still offline Tuesday while the city dealt with the fallout from Monday’s cyberattack.

“We haven’t gotten a dollar figure, but it is a ransomware group,” Bradley said.

The city had just backed up its data on Sunday night, so it might be possible to restore the system using the backup without losing much data.

Bradley said investigators from the U.S. Secret Service and the FBI visited City Hall on Monday to gather evidence for a forensic investigation to guide the city’s next steps, determine how and when the attack originated, and find out what data was compromised.

People are also reading…

Bradley said the city doesn’t believe any personal data such as credit card information was compromised. The attack didn’t infiltrate Xpress Bill Pay, the cloud-based system the city uses for online billing.

The attack affected up to 20 St. Helena computers and at least one server. Bradley said some city computers that were “severely impacted” will need to be wiped and rebuilt, but most of them have gotten the all-clear, although staff still can’t access the city’s server.

As of Tuesday morning, the library and City Hall were open as usual. Bradley said city employees were able to read incoming emails on their computers and phones but were still prohibited from sending any as a precaution. Members of the public with urgent matters can email [email protected].

Employees still can’t access the city’s server, so some services might take longer than usual, Bradley said.

Essential services like police, fire, 911, and water and wastewater treatment were not disrupted by the attack. Neither was the city’s website.

On Tuesday, library staff were checking out materials using an old laptop that hadn’t been exposed to Monday’s attack. The desktop monitors typically used by staff and the public were all covered with signs saying, “Computer temporarily unavailable.”

The City Council was set to discuss the incident during closed session on Tuesday, using a rarely invoked provision in California law that allows “threats to public services” to be discussed in private.

It’s still unclear whether the incident was related to the April 5 ransomware incident that affected the St. Helena Public Library’s sister libraries in Solano County. The city initially warned that patrons’ data might have been compromised by that attack, but later said its data services provider had confirmed the library hadn’t been affected.

The timing and method of Monday’s attack are some of the unknown factors that are still under investigation. Ransomware attacks can be triggered when someone clicks a malicious link in an email, or when hackers steal or guess someone’s login credentials.

You can reach Jesse Duarte at 707-967-6803 or [email protected].

Source link


National Cyber Security