Pensacola, Fla. Cyberattack Is Ransomware, Officials Confirm

The nature of the attack, which forced the Florida city to disconnect its entire network, is now confirmed. City officials say other details are pending as investigators look into the extent and source of the disruption.

by Lucas Ropek / December 10, 2019

The cyberattack in Pensacola, Fla., that knocked out the city's network and incapacitated a number of services last week was ransomware, city officials now confirm. 

"I'm not sure of the exact timeline [on discovery of the malware] but we just recently confirmed that it was a ransomware incident," said Kaycee Lagarde, public information officer for the city, speaking with Government Technology

The attack — which affected email and phone lines, 311 customer service and online payment services, but left emergency support services untouched — struck city systems early Saturday morning, only hours after a gunman killed three people at the Pensacola Naval Air Station.

Some speculation that the cyberattack may have been connected to the shooting, which is being investigated as a potential terrorist attack, seems to have been put to rest after an initial investigation by the FBI, and Legard said she couldn't comment further. "I'll leave that to the FBI," she said. "That's their investigation ... I believe it's still ongoing."  

According to news reports, the attackers appear to have used the same software used against Alliance Universal, a California-based security company that was recently hacked. Lagarde couldn't comment on the nature of the ransom attached to the attack. 

A blog post by Jeff Bergosh, a commissioner for District 1 of Escambia County, where Pensacola is located, provided more details of the regional emergency response operations, including that the Florida Department of Law Enforcement is apparently assisting the city in its ongoing recovery efforts.

As of Monday, some of the email servers were back online, Legarde said, but since the network is still offline only staff with city phones have been able to access their email accounts. It's unclear when everything will be back to normal, she added.   

"Right now we're really in the assessment and recovery phase from the incident, so we don't know about [whether important data has been lost or compromised]," Legarde said, while noting that IT staff are looking into the possibility of bringing in an outside vendor or entity to assist.

"We currently have limited access to email... Right now all of our computers are still disconnected from our city network until IT can make sure that everything is completely clean before we reconnect everything," she continued.   

Platforms & Programs