Backups, Quick Response Stops Malware Attack on Ohio City

Computers and servers in Richmond Heights City Hall were infected by malware July 1. Just a day later, systems were returned to normal thanks to backups and a rapid response from the IT team.

by Jeff Piorkowski, The Plain Dealer / July 10, 2019

(TNS) — Police Chief Thomas Wetzel said at Tuesday’s (July 9) City Council meeting that a City Hall computer and server were infected July 1 by suspected ransomware, a type of malware.

Wetzel said Richmond Heights police quickly involved the FBI and, because the city had a backup computer system in place, the City Hall computer was working normally by July 2 and has continued to function without problems since.

“The City Hall’s computer system appears to be functioning normally at this time, but will be monitored closely to ensure its data is protected,” Wetzel said in concluding the reading of a brief statement at Tuesday’s meeting.

“We’re cautiously optimistic that no data has been compromised further,” Wetzel said after the meeting. “There’s always a chance, but we’re hoping that’s not the case.”

The RHPD and FBI are continuing to investigate the matter. “Our federal partners (FBI) have been very helpful,” Wetzel said.

Mayor David Roche said the ransomware likely infected a computer when an email from an unknown source was opened.

“Ransomware is an encryption of files,” Roche said. “We just recovered from the backup, so we didn’t lose anything.”

In the matter of a ransomware infection, Roche said: “They get into your machine (computer) and they encrypt all your files, and then they say, ‘Give us a bunch of bitcoin and we’ll give you the encryption code to un-encrypt your files.’ So, it’s a ransom. It’s a bitcoin thing. Then, they’ll tell you how to convert your credit card to bitcoin.

“There’s all sorts of ways of tracing it, but most of them (ransom demands) are from out of the country,” he said.

Roche said he does not know how many dollars’ worth of ransom was sought, because a large part of the computer screen was obscured by another window. The screen did show instructions on how to convert bitcoins to dollars using a credit card. Roche said it could be seen on the screen that someone was encrypting the files and that the city could not open them.

The city’s IT team is doing additional work now to ensure proper backup in the event of a future infection.

“We do multiple backups,” Roche said.

Speaking of ransomware, Roche said, “It’s becoming very prevalent.”

Cleveland Hopkins International Airport was a target of ransomware in April, which disabled its email system and information screens, but did not affect flights.

It has been reported that at least 170 local governments around the country have been attacked since 2013. Ohio local governments attacked have included Cleveland, Akron and now Richmond Heights.

©2019 The Plain Dealer, Cleveland. Distributed by Tribune Content Agency, LLC.
