The City Council announced a special session will be convened on Monday evening in part to adopt a resolution of a state of emergency for the small Bay Area city of about 33,000.
Government services have been largely suspended since last Thursday morning, when "suspicious activity" was first discovered on the city's computer network.
"As a precaution, we have taken most of our computer systems offline while we ensure the security of our network," city officials said in a news release on Friday. "We are engaging with independent cybersecurity specialists to assist with the investigation and remediation."
Most government services are still down, and their restart timeline is "yet to be determined," Austin Walsh, communications manager for Foster City, confirmed to SFGATE on Monday. Foster City police and 911 services are still working.
Small municipalities have increasingly become a target for cyberattacks in recent years.
In 2023, the U.S. Department of Homeland Security announced it would issue $375 million in grant funding to smaller governments due to the risk of these attacks. The same year, Oakland dealt with a cyberattack that exposed employees' personal information and paused local services.
Jake Tarrant, a manager of incident response at the cybersecurity firm Logically, said small municipalities are at risk for cyberattacks, as many do not have the budget to consult with security firms ahead of an attack. He explained many of these attacks come from organized crime groups outside the country, and the attackers can use a phishing scheme or exposed firewall to gain entry into a government's system.
"From there, once they're on the network, it's kind of like being inside your house, you've kind of infiltrated those walls, you're able to pivot to different parts of the network," Tarrant, who is not working with Foster City officials, told SFGATE. "From there, they're able to look around and say, 'OK, where is their servers? Where does the city host their files?'"
Tarrant said these groups can work extremely quickly, and within a matter of hours, they can start encrypting key information or accessing sensitive personal information like Social Security numbers. The attacks can be extremely disruptive to small governments and take "three to six weeks for a sense of normalcy" to return, Tarrant said, although he clarified that key services can come back online more quickly if they are prioritized.
As ransomware attacks have become common, Tarrant said, fewer victims are paying ransom for their data, in part because so much personal data has already been compromised in earlier leaks. He advised people concerned about their personal data to take steps to protect themselves, including freezing their credit.
"We're seeing some bit of like ransomware fatigue, if you will," he said. "You know, my data has been stolen probably three times over."
© 2026 SFGate, San Francisco. Distributed by Tribune Content Agency, LLC.
