11 Days Post-Attack, Akron City Systems Mostly Mended

The Ohio city was targeted by a cyberattack Jan. 22 that forced IT personnel to take some services offline. More than a week later, public-facing services are back online and infected systems are being nursed back to full health.

by Alan Ashworth, Akron Beacon Journal / February 4, 2019
Shutterstock/NicoElNino

(TNS) — Eleven days after a cyberattack sent chills down the spines of Akron officials, the city was making significant progress in bringing the infected systems back to health.

City spokeswoman Ellen Lander-Nischt said Friday afternoon that online billing functions have been restored and the city's email system is on its way.

"Most customer, public-facing systems should be up and running," Nischt said Friday in a phone interview. "We are able to take all payments."

The Jan. 22 attack forced the city to shut down significant portions of its cyberoperations, including online bill paying, the online 311 service and citywide email. Those actions helped limit the severity of the attack, but brought more inconvenience to city residents reeling from a just-concluded snowstorm.

"We have been informed by our partners that our software and IT staff were incredibly successful and efficient in detecting, isolating, and mitigating this attack ...," Nischt wrote Friday in an email response to questions about the city's situation.

On Friday, city council members said they were asked to bring in electronic devices for the city's IT department to "clean" as part of the restoration process.

"I'm supposed to bring in my phone — city phone — and tablet," Councilman Bruce Kilby said Friday. "They are ready to put the system up and running."

He said the one-two punch from last week's snowstorm and the computer attack set the city back on its heels and left his constituents grousing.

"They're upset about not being able to access the 311 system," Kilby said. "It's intolerable not to be able to communicate in a modern way."

Councilwoman Tara Samples, who represents the city's fifth ward, expected to get a flood of emails once she was able to access them. But Samples said she appreciated the thoroughness of the city's approach to disarming the malware.

"I'm glad they took the time to work out all the glitches," Samples said. "I would rather them be safe than sorry."

Samples said that although the city's been hit with cyberattacks before, she believes it has adequate funds for its computer operations. Since 2016, Akron has spent more than $9 million on IT infrastructure and maintenance.

"I would hope that we would not allocate any more funds until we work out the issues we already have," Samples said. Those issues go beyond the city's computer system, she said. "They may need to go up to the University of Akron and grab some of the undergrads."

UA has placed considerable emphasis on its cyberprograms and recently added a popular cybersecurity major.

Ward 10 Councilman Zack Milkovich said his constituents were livid about the slow pace of snowplowing and the downed online 311 system.

"When that system shut down, my phone just blew up," Milkovich said. "It was chaotic and a mess."

Unlike Samples, Milkovich said that council should consider more money for cybersecurity.

"If they're [still] getting through," Milkovich said about cyberattackers, "maybe we should look at allocating more funds to that."

Akron Municipal Court's online court records search was one of the victims of the attack, but it has since been restored. So has the ability of the court to process credit card transactions onsite.

Jim Laria, Akron Municipal clerk of courts, said that as severe as the attack was, it could have been far worse.

"We were able to input everything, our day-to-day stuff," Laria said. "This was a really bad ransomware attack. It could have crippled the city."

Laria said some network capability, including the ability to connect with city servers on payroll functions, had been restored. He expected the cybersituation at the courthouse to be approaching normal by weekend's close.

"Let's hope we have a good weekend and are ... fully functional come Monday," Laria said.

Nischt said that after the malware is purged from the city's computer system, the work of identifying the attack's source will continue.

"The FBI is still working with us and our state partners," Nischt said. Some new software has been purchased to keep pace with ever-emerging cyberthreats, and some hardware has been replaced. Nischt said it is still too early in the process to estimate the financial effect of the attack.

Nischt, however, echoed Laria's optimism that the city's cybersickness may be largely cured in a few days' time.

"Hopefully, next week we'll have full functionality," she said.

©2019 the Akron Beacon Journal (Akron, Ohio). Distributed by Tribune Content Agency, LLC.

Platforms & Programs