Ransomware Attack Cripples New Jersey Town’s Website

(TNS) — The Bernards Township, N.J., computers were breached by a ransomware attack discovered Monday night that caused the township’s website to go offline, the mayor and administrator said.

Town and police officials are investigating, and have been in touch with state and federal law enforcement authorities, Mayor Jim Baldassare said.

Such a breach typically involves data being seized or locked, and it’s not released until money, a ransom, is paid.

Pat Monaco, the township administrator, said Thursday afternoon it’s not known who breached the system or for what reason. "...We’re trying to assess what’s going on without doing any damage to what we have,” he said.

He did confirm a message came with the breach, he did not say what the message said or if it listed any demands.

“We continue to dedicate all available resources to recovering from this event and will provide necessary updates as they are received,” Baldassare said. As with any investigation, this is a meticulous process, and we thank all of you for your patience and understanding as the forensics work continues."

The mayor said a preliminary review appears to show the town’s financial and payroll software systems were not affected, nor were systems used by the recreation department and their Microsoft Office announts. The township’s phone system is OK, as are police department systems.

Police Chief Michael Shimsky said the 911 system was not breached.

“We also want to emphasize that billing information is not hosted on our network,” the mayor said. It’s handled by a third-party vendor and the town has not received any reports of an intrusion there.

The township is working with a third-party computer forensics specialists to investigate the breach, Baldassare and Monaco said.

Local governments and school districts have become favorite targets of hackers’ ransomware attacks, due to often lagging security and a lack of IT staff. Many municipalities and districts have aging computer systems and often use third-party IT vendors for tech support.

The lack of a dedicated staff and few contingency plans often compel municipalities and school districts to pay up to hackers when a ransomware attack is launched, officials say.

©2020 NJ Advance Media Group, Edison, N.J. Distributed by Tribune Content Agency, LLC.