IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

U.S. Secret Service Investigating Cyberattack on Ohio City

The city of Riverside has seen several attacks against its IT infrastructure in recent weeks. Officials are still trying to piece together the extent of the attack.

(TNS) RIVERSIDE, Ohio — U.S. Secret Service agents are investigating the attack on Riverside’s computer server, according to state and federal officials familiar with the matter.

Because the federal agency is tasked with and experienced in defending U.S. financial institutions from cyber attacks, the Secret Service often assists local governments facing similar attacks.

“As a matter of policy, the Secret Service does not discuss active criminal investigations,” said Kevin Dye, resident agent-in-charge for the U.S. Secret Service in Dayton.

Another computer virus hit the city of Riverside’s police and fire servers last week and erased certain files, the city manager said today.

The attack — the second to hit the city in several weeks — was less damaging than a still-unsolved attack last month that rendered about 10 months of police records inaccessible to police officials, City Manager Mark Carpenter said.

Riverside officials have not determined what exactly happened during the attacks, Carpenter said. City officials plan to meet May 15 with the city’s third-party information technology company to discuss the problem.

“We’re still trying to get to the bottom of how the attack was initiated,” Carpenter said.

Carpenter said the term “ransomware” was used to describe the attack. The term implies that a third-party held, or is holding, the city’s data hostage in exchange for a ransom, often paid in bitcoin or other cryptocurrency. But Carpenter said the city has not paid such a ransom, and he wasn’t aware if such a ransom was demanded.

The recent virus attacked the city’s server Friday afternoon and erased about eight hours worth of data, Carpenter said.

“Everything was backed-up, but we lost about eight hours worth of information we have to re-enter,” he said. “It was our police and fire records, so we just re-enter the reports.”

Carpenter said the attacks have not hindered criminal investigations or prosecutions, because many of the documents made inaccessible in the first attack “are copied and are with the court system, so there are hard copies out there.”

Police and fire reports often contain a host of personal data about individuals — victims, suspects, witnesses and police officers themselves. Reports can include Social Security numbers, birth dates, addresses, insurance policy numbers, medical information and other data. Some data are routinely available to the public, but other data are withheld under public records law exemptions.

The city has not said if any confidential investigatory data are compromised by the attack, but Carpenter said, “people’s personal information, as we understand it, has not been disseminated to any hackers.”

Riverside faces these computer problems as cities and organizations across the U.S. and globe, including the city of Atlanta, have faced crippling computer viruses costing millions of dollars in repairs and untold hours of labor.

In Clark County, Mad River Twp. Fire and EMS data were hacked and encrypted with ransomware in December.

Atlanta’s municipal government faced a ransomware attack in March. An attacker demanded a $50,000 ransom to restore the city’s systems. The city ended up shelling out nearly $2.7 million on eight emergency contracts in an attempt to fix the problem.

Three federal agencies — the FBI, the Department of Homeland Security and Secret Service — assisted Atlanta during its attack.

Carpenter said he didn’t think Riverside has asked for similar help. He said Ohio Auditor Dave Yost’s office provided some assistance, but did not specify how the state office helped. Yost’s office did not immediately respond to a request for comment.

For years, the FBI has warned that the use of ransomware — malicious software that threatens to block access to data or to publish it unless the infected organization pays a ransom — is a fast-growing criminal enterprise.

Organizations often don’t learn they have been infected until they can’t access their data or until computer messages appear demanding a ransom payment in exchange for a decryption key, according to the FBI’s website.

©2018 the Dayton Daily News (Dayton, Ohio) Distributed by Tribune Content Agency, LLC.