UPDATE: City of Muscatine "well on the way" to return of normal operations after ransomware attack
UPDATE 11/2: City officials believe they are well on the way to returning the system to normal.
“A few years ago we decided to add cyber insurance,” Gregg Mandsager, City Administrator, said. “Given the increasing number of these kinds of attacks, we decided to be proactive and purchase the insurance. That decision has proven to be a good one.”
Mandsager added that the insurance company stepped right in and started helping secure the additional “boots on the ground” that Muscatine needed to battle the ransomware attack.
Muscatine officials believe that the ransomware has been removed and that progress is being made on restoring all systems.
The City obtained outside resources to isolate the ransomware, install programs on each workstation that would monitor and report any suspicious activity, to assess what was needed to fully restore the system, and to recommend additional cyber security measures.
The industry average for fully restoring a system is 10 weeks but every situation is different. While the City of Muscatine has made significant progress in the two weeks since the attack, there is still a lot more to do.
“Unfortunately, communities will be dealing with cyber security issues for the foreseeable future,” Mandsager said. “This is not just a government issue. This really is an issue for everyone these days.”
UPDATE 10/26: The ransomware investigation continues both through the FBI Cyber Crime Unit and Muscatine Police Department.
Public Safety, Public Works, Art Center, and the Water Resource Recovery Center are all operating normally or close to normal.
Services at City Hall and the Musser Public Library continue to be unavailable.
There is a continued investigation of tracing down all infected workstations and servers.
UPDATE 10/23: The city of Muscatine is seeing their usage of online services hindered by a ransomware attack.
A TV6 viewer reached out after discovering that they were unable to check out a book from the Musser Public Library due to the server attack.
TV6 found that the Musser Public Library is open, but with the internet down they are unable to check out books or offer other computer-based services.
A city of Muscatine representative shared that most departments at City Hall are still affected. They reportedly have gone 'old school,' using paper to document everything, until the issue is resolved.
Payments for parking violations currently cannot be made online. Citizens who receive a parking ticket should bring the payment into the office or drop the payment into one of the yellow payment boxes on select parking meter poles.
ORIGINAL: A release sent by the city of Muscatine says several City servers were hit with a ransomware attack.
A MUSCOM server and the City of Muscatine Shieldware, Springbrook financial server, and other city servers were the victims of a ransomware attack at approximately 1 a.m. Wednesday, Oct. 10.
City of Muscatine IT staff along with other IT personnel have been working to isolate the ransomware and restore servers since that time.
Muscatine Police along with federal authorities are investigating the cyber-attack. More details will be released as they become available.
Ransomware is a family of malware that blocks access to a PC, server or mobile device, or encrypts all the data stored on that machine. It’s typically delivered through a malicious email or infected third-party websites.
To regain access or control of the data, the user must pay a ransom. The encryption is unbreakable and simply removing the malware will not solve the problem, forcing payment for the unique software key that will unlock everything.