MUSCATINE, Iowa – Two weeks after a ransomware attack disabled several City of Muscatine servers city officials believe they are well on the way to returning the system to normal.
A MUSCOM server and several servers housed in Muscatine City Hall were the victims of a ransomware attack at approximately 1 a.m. on October 17. Since that time, the Information Technology (IT) Department for the City of Muscatine has worked with specialists in the field of cyber security to isolate and eliminate the ransomware, and then restore the servers to service.
“A few years ago we decided to add cyber insurance,” Gregg Mandsager, City Administrator, said. “Given the increasing number of these kinds of attacks, we decided to be proactive and purchase the insurance. That decision has proven to be a good one.”
Mandsager added that the insurance company stepped right in and started helping secure the additional “boots on the ground” that Muscatine needed to battle the ransomware attack. Some of the details of the attack on the city’s system will not be disclosed as the investigation continues.
However, Muscatine officials believe that the ransomware has been removed and that progress is being made on restoring all systems.
The first issue for the IT crew was to isolate the ransomware which necessitated turning off the internet connection for all city departments and not allowing employees to log into the system.
“We did a lot of cleaning that first couple of days,” Nancy Lueck, Finance Director, said. “We were able to clear a lot of shelving space, file a lot of old papers, and become better organized.”
Online services such as paying for parking tickets, applying for permits, and checking out books at the Musser Pubic Library were unavailable and employees went back to the basics, using pencil and paper, to keep tract of requests and transactions.
The City obtained outside resources to isolate the ransomware, install programs on each workstation that would monitor and report any suspicious activity, to assess what was needed to fully restore the system, and to recommend additional cyber security measures.
The industry average for fully restoring a system is 10 weeks but every situation is different. While the City of Muscatine has made significant progress in the two weeks since the attack, there is still a lot more to do.
Most workstations were restored to service this week but many online services will still be unavailable for the foreseeable future including paying parking tickets. Individuals who receive parking tickets are able to pay in person at City Hall or place the payment in one of the yellow boxes located on select parking meter poles.
“It is a slow process and with every step forward you take there is always the possibility for a step back,” Mandsager said. “Our IT staff has been working very hard to resolve the situation and restore the system. We ask the public to continue to be patient.”
Muscatine was just one of several government entities that were attacked by the ransomware or its variants during the October 16-17 time period. One paid the ransom and had their system restored while the others are working to restore without paying the ransom.
“You can pay the ransom and they can remove the ransomware but you can never be sure that they did not leave something behind that could come to life later and cause more damage,” Mandsager said.
The City is reviewing and implementing additional security measures over and above those systems already in place.
“Unfortunately, communities will be dealing with cyber security issues for the foreseeable future,” Mandsager said. “This is not just a government issue. This really is an issue for everyone these days.”
If you have any questions regarding city services, please call City Hall at 563-264-1550. You will be directed to the department which handles your question.