As described in a recent city report, Modesto’s IT network will be costing the city at least $1 million, due to their most recent ransomware attack. They now need expert help to recover from the attack and are committed to improving their IT security in the future.
Modesto’s City Council was awaiting to approve spending as much as $586,000 for the help they need and about $497,000 yearly for the prevention tools and security detection. The resolution that comes with the city report indicates that Modesto is expecting to be reimbursed by its cybersecurity insurance provider for the expert assistance, except the $100,000 deductible, paid by the city.
During the February 3rd ransomware attack, the Police Department’s IT network was severely disrupted, leading to malfunctioning laptops in patrol vehicles and other technology. The report also disclosed that it took five weeks to restore normalcy. Officials have emphasized that the attack did not compromise the Police Department’s ability to respond to 911 calls and did not pose any threats to the safety of the public. The department’s spokesperson confirmed last week that the network has been almost entirely restored, along with the laptops in patrol vehicles.
Before the ransomware attack, the city report revealed that Modesto’s IT Department was in the process of preparing a request to the City Council for the procurement of additional security tools, that would have been approved this month.
Brett Callow, who is a threat analyst with the cybersecurity firm Emsisoft mentioned that “The City was obviously planning some upgrades, but that does not mean that what they already had in place was subpar. That said, most attacks do succeed because of basic security shortcomings like not using MFA (multi-factor authentication) everywhere it should be used.”
When asked for an interview, the city did not respond and redirected reporters to a recent blog post by City Manager, Joe Lopez, about the cyberattack. However, the blog post reiterates the contents of the city report. While the city manager’s blog post confirmed that the cyberattack was limited to the Police Department, the city report states that the attack was “primarily limited to a single department.” The report does not name the firms that assisted the city in dealing with the cyberattack and provided the city with security detection and prevention tools. The report cites section 7929.210(a) of the California Government Code for the reason that they won’t be disclosing the names.
The responsibility for the attack has been claimed by a ransomware group, Snatch, who recently uploaded 15 files on their website, which contained Modesto’s data. Callow mentioned that this usually indicates that the city has refused to pay the ransom, which he considers the cautious course of action. He explained that there is no assurance that the hackers will not hold onto the data, even if they did receive payment.
As a result of the ransomware attack, Modesto has disclosed that sensitive personal data, such as social security and driver’s license numbers, could have been compromised. The city has taken steps to notify individuals whose personal information may have been impacted and has offered them a year of free credit monitoring. Although the precise number of affected individuals has not been released, the city manager has indicated that the majority of those notified were city employees, particularly those associated with the Police Department. He has also acknowledged that a small number of non-city personnel have been affected too.
According to Callow, ransomware attacks are becoming increasingly prevalent among public agencies. One example is the City of Oakland, which is still struggling with the aftermath of a ransomware attack that occurred in February. CBS Bay Area News reported that the cybercriminals have leaked information on thousands of current and former city employees including Social Security numbers, medical records, and home addresses.
Since the attack, Modesto’s City Council has since approved the spending for the additional security detection and prevention tools. On April 11th, the City of Modesto Council Meeting emphasized that this breach was not from a City of Modesto staff member or employee, but rather one of their trusted vendors. It was the vendor of the City of Modesto who was compromised and that allowed the attack to occur.