RACINE — Despite some city staff members and social media posts theorizing that “the Russians” were behind the ransomware virus that crippled the City of Racine’s internal online networks since at least Jan. 31, it still isn’t known who (or what) exactly was behind the attack, city spokesman Shannon Powell told The Journal Times.
However, another cyberattack that hit the City of Oshkosh at about the same time appears to have come from a group of Russian hackers, Oshkosh City Manager Mark Rohloff said, citing what he was told by the FBI.
“The FBI folks said this (cyberattack) was (staged by) a Russian group that was known to them,” Rohloff told The Journal Times.
Ransomware is a type of malware/virus that a hacker can use to lock down a business’s or government’s online networks. The hacker (or hackers) can then demand a ransom to unlock them.
Powell and Rohloff both said there is no evidence that the attacks on Oshkosh and Racine were coordinated.
However, Racine’s Management Information Systems Department told Powell that the source of the attack does not appear to be local and likely originated outside of Wisconsin.
It still isn’t 100% clear how exactly the malware got into Racine’s network, but it is believed that a staff member unwittingly clicked on a bad link or opened a malicious attachment in an email, allowing the ransomware program into Racine’s systems, Powell explained.
Rohloff said that Oshkosh’s cyberattack likely resulted from someone opening an email attachment, probably disguised to look like a typical Microsoft Word file, that allowed the virus into Oshkosh’s computer systems.
The effect of the attack has not entirely paralyzed city staff, but it has slowed down work significantly.
Email has been down for the City of Racine since Jan. 31, but Oshkosh (which reportedly lost its email capabilities a day earlier) got its email system back to normal this week.
In Racine, MIS staffers have been forced to work around the clock to get every staff computer reactivated.
Paychecks were delivered without a hitch in Oshkosh on Friday, Rohloff said, although much of the data had to be input manually, a massive time consumer.
Early next week, Racine’s payroll is expected to get back online, followed by less critical systems.
“It’s just a thing that takes time,” Powell said.
Pay to retrieve data?
As of Friday afternoon, Racine still had not received a ransom request from the data-kidnappers, Powell said.
Regardless, the leaders of both Oshkosh and Racine indicated they would refuse to pay the hackers a ransom if one were to be requested.
Not everyone has taken the same approach: the University of Maastricht in the Netherlands announced Wednesday that it paid $220,000 worth of Bitcoin to hackers in Russia who had been in control of the school’s computer systems for more than a month.
These attacks seem to be becoming increasingly common.
According to a report by anti-malware company Emsisoft, across the U.S. in 2019, 113 state and municipal governments and agencies were affected by ransomware attacks, as were 764 health care providers and 89 universities, colleges and school districts — affecting as many as 1,233 individual schools.
“The cost of these incidents to taxpayers? Perhaps as high $7.5 billion,” Brett Callow, a threat analyst with Emsisoft, wrote in an email.
During a public appearance Wednesday, Louisiana Gov. John Bel Edwards warned: “You may not have been hit yet in your town or in your city. But it’s a question of when, not if” your town or city is affected by a cyberattack.
“I don’t want anybody paying that ransom because if you do, then their (the hackers’) business model is affirmed, and they’re going to keep doing this over and over,” he said.
Backup systems key
The primary lessons learned by Racine and Oshkosh have been on the importance of backups and the necessity of caution.
In Racine, MIS staffers have used antiquated magnetic tape data storage backups to restore lost data, a slow but necessary process. In Oshkosh, three days’ worth of emails and several hours’ worth of data were rendered unrecoverable without bowing to the demands of the hacker(s).
“We weren’t doing backups on weekends. We’re doing them now,” Rohloff said. “The real challenge to get us totally back up to speed is getting all of our hardware … confirmed that they’re clean.”
Oshkosh also plans to invest more time in training employees to recognize fishy emails, Rohloff said, to make sure something like this doesn’t happen again. Racine is looking at doing something similar, Powell said, that may include partnering with Racine County or Gateway Technical College.
“Cybersecurity,” Racine City Clerk Tara Coolidge said, “is something we’re always going to have to look out for.”
“Cybersecurity is something we’re always going to have to look out for.” Tara Coolidge, Racine city clerk
Christina Lieffring of The Journal Times contributed reporting to this story.
“Cybersecurity is something we’re always going to have to look out for.”
Tara Coolidge, Racine city clerk