NORTH BEND — The City of North Bend’s computer system is up and running again after a ransomware cyber-attack locked city workers out of their computers and databases.
Ransomware is a form of computer virus that is designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.
“One weekend morning a few weeks back all of our servers and things locked up, and we received a ransomware note that said for $50,000 in Bitcoin these people would provide us with the code to unlock our computer systems,” North Bend city administrator Terence O’Connor said.
Instead of paying the ransom the city decided to contact the FBI. The FBI came and investigated the ransomware virus and traced it back ransom demand to Romania.
“It appeared to be a more sophisticated ransom where there are two keys needed to unlock your system. One is planted on your system, the other the culprit has,” O’Connor said.
Those who planted the virus initially targeted the North Bend Police Department, but with many of the city’s computers interconnected, the virus quickly spread throughout its system.
“The ransom note was directed at the police department, and it spread from their servers to ours. That’s why in some cases people who would expect emails from us weren’t getting any because we weren’t sure what vector was causing the disease,” O’Connor said.
Luckily the city does back up its system. According to O’Connor there was no data lost in the system lock out.
“We’ve lost some time, and money to sanitize the computer systems,” O’Connor said.
The city is insured for cyber–attacks like this, and will likely only have to pay around $5,000 out of pocket O’Connor said.
North Bend has gotten its computer system together again, and is adding to its firewall security to hopefully prevent an incident in the future.
O’Connor said the FBI investigation found that the folks who placed the virus in the system did so sometime back in October.
To the city’s knowledge there has not been a release of personnel data.
“We’ve hired some firms to go through the records we keep here … Employee personnel records appear to have not been impacted other than the fact that we couldn’t access them,” O’Connor said.
Although the FBI was able to trace the ransomware back to Romania they were unable to identify anyone directly involved in the virus plant.