Maine’s capital city was hit in April 2019 with what Augusta officials said was a highly targeted malware attack that froze its entire network and forced the city center to close.
Updated April 29, 2019: The hackers demanded at least $100,000 in ransomware payments, though the exact figure was not disclosed. City Manager William Bridgeo and his team declined to pay the ransom, and instead rebuilt the network from scratch using backup files, according to CentralMaine.
Original April 23, 2019 report: The malware was found on about 12 city computers or other devices and 10 servers, Fred Kahl, the city's director of information technology, said (via CentralMaine). The city’s servers weren’t damaged, he said.
Augusta’s in-house cybersecurity staff and Portland-based managed security services provider (MSSP) Systems Engineering hadn’t yet investigated the source of the malware, said Ralph St. Pierre, finance director and assistant city manager. St. Pierre didn’t know how much the attack would cost the city.
So far, city officials believe that the system freeze was caused by a “piece of malware that had a bad attitude,” Kahl said. The city may never know exactly how the attack occurred, he said. “We’re only sure it was a vindictive piece of malware. We’re looking into how it got in. Obviously we don’t want to do this again.”
(Side note: We gotta admit, “vindictive” and “bad attitude” is a pretty cool way to describe malware.)
Augusta, Maine: Cyber Attack Background
While officials couldn’t yet identify the nature of the infection, which was discovered early on Thursday, April 18, it appeared to have some of the earmarks of a ransomware attack rather than a data breach -- no sensitive data was stolen or compromised, officials said. The malware first shut down the city’s police department computers and subsequently its servers and then its entire network.
But by Friday, the malware had been removed and work had begun to restore the network and reinstall the software and data. Later that day, the Augusta police department’s systems were back online. “We’re pretty much back up and running, dispatch is working as it was before,” police chief Jared Mills reportedly said (via CentralMaine.com). “Obviously public safety was a priority.” The city’s financial systems remained down over the weekend.
School computers and servers, which were isolated once the malware was discovered, were not affected by the cyber attack.
Faced with a systems lockdown, Maine officials appeared to have kept their cool and to have been prepared. For Augusta, getting back online and functional by the weekend was particularly important. The Kora Shine Circus was in town for a three-day run.
MSSPs Assist Cities With Cyber Attack Prevention, Recoveries
A growing list of cities and municipalities have suffered cyber attacks and ransomware incidents in recent months. Targets have included:
March 2019: Albany, New York, suffered a ransomware attack.
March 2019: Jackson County, Georgia, officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.
March 2018: Atlanta, Georgia, suffered a major ransomware attack.
February 2018: Colorado Department of Transportation (CDOT) employee computers were temporarily shut down due to a SamSam ransomware attack.
Amid the attacks, many MSSPs and MSPs have introduced cybersecurity training, including simulated phishing attacks, to help ensure customers don’t fall for attacks that trigger ransomware. Also, many MSSPs and MSPs have been shifting to next-generation endpoint protection systems that mitigate most ransomware. Some traditional anti-virus packages have been known to overlook the attacks.
As a fail-safe, MSPs have also combined security with business continuity and disaster recovery services, which can restore data after a ransomware attack.