Digitally Crippled: Ransomware Shuts Down City Government



Dan Gunderman
11/17/2017

When Spring Hill, Tenn., a city approximately 30 miles south of Nashville, refused to give in to hackers’ hefty demands, the municipality was left digitally crippled.

Earlier this month, Spring Hill became victim to a ransomware attack when one of its municipal employees allegedly opened a malicious email, at which point cyber thieves had their foothold. A sharp demand for payment appeared on the city’s computer screens – a dark reminder of the prevalence and strength of these ransomware infiltrations.

The city decided against paying the $250,000 ransom that the anonymous hackers demanded, instead opting to have their IT department restore its database using backed-up files, according to SC Magazine.

The immediate effects of this were crippling – at least in the age of ecommerce. In fact, some weeks later, the city is still managing these residual setbacks.

The city of close to 35,000 people is essentially at a commercial standstill. That is, city workers have been locked out of their email accounts, and residents are unable to make online payments. They’re also barred from using cards to pay utility bills or court fines. The city has asked its residents to revisit the methods of a different era: paying by check and mailing them out (or dropping them off).

Evidence of the slowdown is apparent at city hall, as residents have lined up to conduct their daily affairs.

See Related: Incident Of The Week: Slip-Up In Mobile App Code Exposes 180M Users

Those in emergency services have been forced to log 911 calls on a whiteboard, while police officers have lost the mobile data terminals in their vehicles. That said, emergency services are still being carried out in their entirety.

Upon last update, the 911 and city email systems were first up for restoration. Officials believe that no information was taken from the city’s server.

Nonetheless, the attack underscores a growing number of municipal cyber-attacks. This can occur at the city, state or federal level.

Highly troubling attacks have affected state governments, including one noteworthy breach in Utah that exposed around 780,000 Health Department medical records. The breach prompted the state’s chief information officer to enter the market for cyber insurance.

See Related: Incident Of The Week: 'Silence' Trojan Records Financial Info

Montana purchased cyber insurance in 2011 – and was affected by a wide-scale breach three years later. Although they were covered and the insurer provided a host of remedial services, it proves that state enterprises are sought-after targets.

Hackers’ motives and methods will forever be tough to pinpoint, as attacks have also attempted to decimate the public school systems. In fact, one Montana school district – Columbia Falls – became the focal point of a recent ransomware operation, accompanied by disturbing messages and threats to release sensitive student information, according to NBC News.

In the specific case, hackers also gained control of school security cameras so they could peep on whomever they chose. After consulting with local law enforcement and the FBI, the school system opted not to pay the ransom, just as Spring Hill had.

Each ransomware incident – gone paid or left unpaid – has shaken its respective community, leaving enterprise IT professionals both weary and sharp-eyed.