Officials in the Florida city struck by ransomware earlier this month say the professional services firm will help them determine whether any data was compromised during the attack and, if so, what data.
Though Pensacola has mostly recovered since it was struck by ransomware two weeks ago, the Florida city has hired the professional services firm Deloitte to investigate the source and extent of the attack, officials say.
Officials paid the firm $140,000 to assess how the attack occurred, whether any of the malware is lingering in the city's network and if any data was compromised during the incident, said Kaycee Lagarde, public information officer for the city, speaking with Government Technology.
It's unclear how long the firm will take to conduct its work, though Lagarde said that the city was interested in the results "as quickly as possible."
The concern about the city's data may be rooted in the fact that, as Ars Technica reports, the ransomware involved appears to have been Maze, a unique strain that is known for exfiltrating — that is, stealing — data rather than encrypting it. Hackers have begun to use Maze to leak data on targets that don't pay their ransom.
Cybersecurity site BleepingComputer has also claimed that the ransom attached to the attack was $1 million, a high demand for a city of Pensacola's size.
Despite these reports, officials say the city has almost totally recovered from the Dec. 6 attack.
"City services have mostly been restored," said Mayor Grover C. Robinson Monday during his weekly press conference, explaining that many of the departments and capabilities that had been affected — including online bill pay, phone lines and Internet — are back to normal.
"We are operational at this point. There may be certain departments [where] tech resources is still connecting individual computers to the network. But overall we are operational. Every department is functioning," said Lagarde.
Hiring Deloitte to look into the attack was largely a precautionary measure, she added.
"For us it was really just an extra security measure," said Lagarde. "Of course we have a very capable technology resources staff but we just wanted to take that extra step to make sure that everything was completely out of our network."
The city is also interested in purchasing cyberinsurance, said Lagarde. The policies have increased in popularity for local governments as cyberattacks have become more common, with fellow ransomware victim Baltimore recently purchasing a $20 million policy. The city's new risk manager will be tasked with procuring the insurance, Lagarde said.