Ransomware shuts down online services in Joplin, Missouri.
(TNS) – A July 7 network security incident that shut down the Joplin city government computer system was believed to be the result of ransomware, the city said in a statement on Thursday amid an investigation In progress.
An insurer paid $ 320,000 to an unknown person to prevent any sensitive information obtained as a result of the cyberattack from being disclosed, the city said in a statement from chief executive Nick Edwards.
An investigation into the perpetrator of the attack is still ongoing. The systems that were shut down by the attacker included computer servers and programs that exploited the city’s online services. The city’s internet phone system was also disrupted but was restored two days after the attack.
Third-party cybersecurity firms have been hired to salvage the city’s computer systems.
“The city worked with these third-party cybersecurity experts to secure the city’s network and resume critical operations as quickly as possible,” the statement said. “To date, the city has restored almost all of the systems and associated data needed to resume normal operations, including the city’s COVID-19 dashboard, online utility payments and court functions. The city continues to work diligently to restore services such as obtaining birth and death certificates and graphical information systems (GIS) as quickly and securely as possible. “
In addition to restoring these systems, a computer forensics firm was hired to investigate the extent of the network security intrusion to determine what data could have been accessed.
“This investigation of who and what specific information may be involved is ongoing, involves a manual document review process and may take an extended period of time,” the city said.
When that investigation is completed, city officials intend to notify anyone whose private information may have been accessed or compromised and to help those individuals protect their information, the statement said.
No further information on the violation will be disclosed at this time, as making more information available to the public could hamper the investigation and expose the city to future risks or attacks, the statement said. City staff identify technology and services that could be used to protect against a future security breach.
Ransomware is malicious software used to encrypt computer systems, John Motazedi, owner of local computer consultancy SNC Squared, told The Globe last month. The company was not involved in the town’s affair.
Motazedi stated that there are several ways to infect a computer system with crippling software. This can be done by sending an encoded program through an email that can trigger the encryption through the system, or by downloading a program without knowing that it is infected with malicious encoding, or by entering the system’s servers, the central brain of a computer system, implanting encryption.
Once a system is overwhelmed by the encryption of its programs, the user cannot operate the computer or system, but will instead receive a pop-up message asking them to pay a certain amount of money to receive a code that can be used for decryption. Typically, cybercriminals demand payment in bitcoin, a kind of online currency that is difficult to trace.
If a computer owner does not pay the ransom, hackers could sell any information found in the system on the dark web, Motazedi said. The dark web is an online place that requires a special browser to access it. Legal and illegal information can be published on the dark web, but it is known as the place to buy and sell stolen data such as identity information and credit card numbers.
Crowder College was hit in July 2019 by ransomware hackers who demanded $ 1.6 million for the decryption codes. It shut down campus-wide IT operations and took about five months to fix because the college didn’t want to pay the ransom, college president Glenn Coltharp said last month.
© 2021 The Joplin Globe, distributed by Tribune Content Agency, LLC.