An insurer has paid an unknown person $320,000 to keep any sensitive information obtained as a result of the cyber attack from being exposed, the city said in the statement from City Manager Nick Edwards.
An investigation into who conducted the attack is still underway. Systems that were shut down by the attacker included computer servers and programs that operated the city's online services. The city's Internet-based telephone system also was interrupted but was restored two days after the attack.
Third-party cybersecurity firms were hired to recover the city's information technology systems.
"The city has been working with these third-party cybersecurity experts to secure the city's network and resume critical operations as quickly as possible," the statement said. "To date, the city has restored nearly every system and the associated data needed to resume normal operations, including the city's COVID-19 dashboard, online utility payments and court functions. The city continues to work diligently to restore services such as obtaining birth and death certificates and the graphic information systems (GIS) as quickly and as safely as possible."
In addition to restoring those systems, an information technology forensics firm has been hired to investigate the scope of the network security intrusion to determine what data may have been accessed.
"This investigation into who and what specific information may be involved is ongoing, involves a manual document review process, and may take an extended period of time to complete," the city said.
When that probe is concluded, city officials intend to notify anyone whose private information may have been accessed or compromised and to help those individuals protect their information, according to the statement.
No additional information about the breach will be disclosed now because making more information available to the public could harm the investigation and expose the city to future risks or attacks, the statement said. City staff is identifying technology and services that could be used to protect against a future security breach.
Ransomware is a malware program used to encrypt computer systems, John Motazedi, the owner of a local IT consulting firm, SNC Squared, told the Globe last month. The firm has not been involved in the city's case.
Motazedi said there are several ways to infect a computer system with crippling software. It can be done by sending a coded program through an email that can unleash encryption through the system, or by downloading a program without knowing it is infected with malicious coding, or by going into the system's servers, the central brain of a computer system, to implant the encryption.
Once a system is overtaken by encryption of its programs, the user cannot operate the computer or the system but will instead receive a pop-up message to pay a certain amount of money to receive a code that can be used for decryption. Typically, Internet criminals demand payment in bitcoins, a kind of online currency difficult to trace.
If a computer owner does not pay the ransom, hackers might sell any information found in the system on the dark web, Motazedi said. The dark web is a place online that requires a special browser to reach. Both legal and illegal information can be posted on the dark web, but it is known as the place to buy and sell stolen data such as identity information and credit card numbers.
Crowder College was hit in July 2019 by ransomware hackers who demanded $1.6 million for the decryption codes. That shut down computer operations campuswide and took about five months to repair because the college would not pay the ransom, college President Glenn Coltharp said last month.
©2021 The Joplin Globe, Distributed by Tribune Content Agency, LLC.
