City updates employees on cyberattack
Municipal systems hacked April 24
LOWELL >> Both the city and the school side of Lowell’s municipal operations updated employees on the cyberattack that has disrupted operations since April 24.
Lowell Public School’s Chief Operating Officer James Hall sent an email to employees on May 26, announcing that a Lifelock contract will provide credit monitoring and alert services for two years.
“Employees will most likely be covered for 2 years (more information to follow next week),” Hall wrote. “It is anticipated that family members will also be able to enroll at no cost, but we are awaiting further details from the corporation. We are anticipating a June 1 start date for this credit monitoring and alert service.”
The ransomware group “Play” claimed responsibility for the cyberattack. On May 11, Play said it had released 5 gigabytes of data from that theft and posted it to the dark web.
The dark web is a part of the internet that isn’t indexed by mainstream search engines and requires special browsers like Tor, permissions, software and system configurations to access. It is used to keep internet activity anonymous and is fertile ground for illegal or criminal enterprises like Play.
Documents given to The Sun appear to show that the allegedly stolen data includes personal and personnel data such as medical billing records and employee disciplinary cases.
Superintendent of Schools Joel Boyd and City Manager Tom Golden allocated more than $1 million in combined funding from their respective budgets to purchase Lifelock protection for all current city and school employees impacted by the cyber breach.
On Wednesday, Golden updated employees on the effort to restore operations and functionality to systems.
“There continues to be an active and ongoing investigation,” Golden wrote. “As the investigation unfolded, all indicators suggested that the cyber-related event was limited in scope, and neither affected the school side of the network nor any other systems or services with which the city interacts. Key vendors, financial institutions, partners and other stakeholders were notified of the event in order to mitigate fraudulent activity.”
The document described the deployment of desktop PCs at 20%, while telephone and MUNIS services are at 99% restored capability.
MUNIS is an enterprise resource planning technology that manages financials, human resources, asset management and revenues for municipal governments.
In contrast, the server systems, which store, send and receive data, are at 50% operational status.
While the city’s 911 service was not affected, other public safety systems were, with the Lowell Police Department’s booking system among those crippled by the attack. The department effected a mutual aid contract with Dracut, which assumed responsibility for the bookings of all Lowell arrests.
On May 21, the document said Larimore services were restored to the radio room and other police areas. Larimore is a public safety software system used by the LPD.
Golden’s update included pending actions such as the reset of all telephone account and website account credentials.
Additionally, “Everyone will get registered into additional multi-factor authentication services,” he said.
It is still not known how the cyber criminals accessed Lowell’s network, but Golden’s update notes that, “Cybersecurity is an evolving threat, requiring constant vigilance. Safe computing is everyone’s responsibility.”