Florence, Ala., Cyberattack Raises Alarm in Neighboring City

The IT chief in Decatur says despite efforts to protect against cyberintrusion, systems are never 100 percent safe. The attack against neighboring Florence is costing the city $300,000 to retrieve its encrypted data.

by Bayne Hughes and Bernie Delinski, The Decatur Daily / June 12, 2020
Shutterstock/GlebSStock

(TNS) — Decatur Information Technology Director Brad Philips said the city allocates a lot money and energy to fight cyberattacks like the recent one on the city of Florence, but he’ll never feel confident that Decatur is fully protected.

Florence is paying nearly $300,000 in bitcoin, a type of cryptocurrency, as ransom to a group who hacked into the city's network security system in late May.

The Florence City Council held an emergency meeting Wednesday, where council members angrily and grudgingly but unanimously approved paying the money. They said they did so to preserve information about city workers, customers and the public.

“Ransom has been a problem for some time, and I won’t stop worrying until I retire,” Phillips said.

Phillips said he’s always looking at security options and studying the latest trends in security software and cyberthreats, but things change quickly. He also holds training for city employees and sends test emails to them. If they open one, they have to attend training, he said.

“We can make our data confidential with the integrity that we can trust the data,” Phillips said. “The problem comes when you make it accessible to people, which you have to do to use it."

For example, Phillips said someone can put information in a box and lock the box “so you know it’s safe. But it does you no good if you can't get in the box to reach the information.”

His department has a budget of almost $3.5 million annually, but Phillips couldn’t say how much is spent on cybersecurity.

“The good thing is the mayor and council recognize it’s an issue and they’ve been very supportive,“ Phillips said.

Decatur City Council President Paige Bibbee said she and fellow Councilwoman Kristi Hill asked Phillips last year to assure the city is protected, and they felt good about his answer.

“I don’t know if you’re ever 100% secure,” Bibbee said.

Florence council members were not happy with having to pay the ransom.

"Everything in my being says to not negotiate with anyone if it's my personal information," Florence Councilman David Bradley said. "But where I'm coming from is that I don't feel like it's my personal information. I feel like it's everybody else's."

Decatur Councilman Charles Kirby said he wouldn’t pay a ransom.

“We would just have to start from scratch,” Kirby said. “Maybe this is old-school thinking, but I would not pay a ransom.”

Bibbee said the problem with paying the ransom is the victim may not get its data back. The city does have insurance against an attack, she said.

“We had a local business get attacked recently, and they didn’t get everything back,” Bibbee said.

Florence Mayor Steve Holt said the city was contacted with information on May 26 about an impending cyberthreat.

"We began taking every precaution we could possibly take, and then on June 5 it actually hit us," Holt said. "It appears they may have been in our system since early May — over a month going through our system."

Florence officials engaged cybersecurity and computer forensics professionals Arete Advisors, and the council agreed to send the funds from the city's insurance fund to Arete "to restore and protect the city's network infrastructure," according to the resolution.

Florence issued a release stating officials are investigating but have not determined whether data relating to residents was affected.

"The city will continue to pursue all appropriate avenues and to take action with the best interests of our citizens in mind," the release states. "Working with the experts we engaged, we are striving to return to fully operational status in a safe and secure manner as soon as possible.

"The city has been in contact with numerous federal agencies and we will continue to cooperate with all law enforcement investigations into the incident."

Holt said the money is the equivalent of 30 bitcoins.

Investigators told the council the organization that will receive the ransom has a reputation for not attacking a system or releasing information any longer once ransom is paid.

They said the organization survives on that reputation, because if it does not live up to its end of the deal, the next entity it attacks would be less likely to pay.

Holt said thus far it appears everything is secure but the city does not want to take chances since it involves information about other people such as employees and the public.

"It's a roll of the dice for us to say 'nope we're not doing that,' and if they actually have our information in their possession they can send it publicly," he said. "This unfortunately is a response on our part to pay to make sure they delete it."

The mayor said he has been told two other north Alabama cities were attacked at around the same time Florence was hit.

©2020 The Decatur Daily (Decatur, Ala.) Distributed by Tribune Content Agency, LLC.

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

Platforms & Programs