Ransomware attack verified by Lodi official
Lodi City Manager Steve Schwabauer has confirmed that the computer issue that hindered the city’s phone lines and financial data systems earlier this year was, in fact, a ransomware attack.
Ransomware — a malicious software, or “malware,” attack designed to block access to a computer or computer system’s files — was sent to city staff as an email attachment that looked like an invoice, Schwabauer said.
After a staff member clicked on the attachment, the malware spread through the city’s network of computers. It encrypted critical files, which knocked several key phone lines out of service, including the non-emergency number for the Lodi Police Department, the emergency outage line for Public Works, and the main numbers for City Hall and the finance division.
Hackers demanded the city pay a Bitcoin ransom in exchange for the encryption keys — similar to passwords — that would release the servers.
Bitcoin, an unregulated form of virtual currency, has become the most popular method for demanding ransom because transactions are anonymous. That prevents extortionists from being tracked.
“The ransom demanded 75 Bitcoins (approximately $400,000 at the time of the inquiry) be paid to restore our systems. We did not pay the ransom. Instead, we rebuilt our systems from our back-ups,” Schwabauer said.
Following the attack, the city hired security experts and a legal team to conduct a series of forensic audits. Technicians who investigated the city’s computer systems were able to trace information included in the malware’s code, and concluded that public information was not compromised as a result of the ransomware attack.