Officials from the City of Valdez are in the final phases of recovering information from the city’s servers, four months after it was locked by cyber-criminals demanding a bitcoin ransom, KTUU reported on November 18, 2018.
Cyberattack That Held City’s Info for Ransom in Final Recovery Phase
The small Alaskan town of Valdez became the victim of a malicious cyber-attack back in July 2018, when a ransomware Trojan virus called Hermes infected all of the city’s 27 servers and 170 computers. The unnamed attackers demanded four bitcoins for unlocking the city’s servers, the equivalent of around $26,000 at the time.
According to KTUU, instead of instantly paying the attackers, the City of Valdez, with the help of its cyber insurance provider and local police, reached out to a third-party security consultant to explore an alternative avenue.
The city hired an unnamed security firm in Virginia that specializes in cyber-incident response and digital forensics to negotiate the terms of release for the city’s data. “We reached out to them (the third-party security company), and through the dark web, anonymously, they reached out to the cyber attackers, so these people had no idea who we were,” Doom told KTUU.
After a round of negotiations, the attackers, assuming they had attacked a small company, decided on a relatively modest ransom. However, the city’s police chief, being concerned about losing almost 15 years’ worth of data, wouldn’t agree to payment without imposing tough conditions on the hackers.
After the attackers demonstrated their ability to decrypt sample data sent to them by city officials, they provided a decryption key to the City of Valdez, enabling IT staff to begin unlocking its servers and workstations.
But, according to Doom, the work didn’t stop there, as none of the city’s servers are yet operational. He said that the city was still in the process of running its data through virus protections and putting it on a different server. “We have to test it because there could be a virus lurking in there and we could be in the same situation again,” Doom said.
City of Valdez, Alaska
(Source: Alaska Trekker)
Small Alaskan Town Was Hit with Ransomware
According to KTUU, this was not the first time a town in Alaska was hit with crypto ransomware. On July 24, 2018, around the same time the City of Valdez had its servers hijacked, similar ransomware infected servers in Matanuska-Susitna (Mat-Su), a borough that is part of the Anchorage Metropolitan Statistical Area.
Bleeping Computer reported that the ransomware infection crippled the Borough’s government networks and led the IT staff to shut down a large swath of affected IT systems. Mat-Su Borough Manager John Moosey said that the attackers demanded $400,000 worth of Bitcoin to decrypt the borough’s servers, which he declined to pay.
Although the Mat-Su Borough had acquired cybersecurity insurance just three months before the attack, officials agreed that using taxpayer dollars to pay a ransom to criminals was untenable. Moosey says the decision was made with the knowledge that even if the borough paid the ransom, its data might not be returned anyway.
Borough office phones and computer systems were quickly taken offline to contain the spread of the malware, forcing borough employees to resort to typewriters, hand-written receipts, and runners to deliver messages throughout the borough.