Cybersecurity at Woesnotgone (Woes-not-gone) Meadow
WoesnotgoneAll is relatively well here at Woesnotgone Meadow, where everyone has above average bandwidth. It seems as though winter has crept in like the wind. This has limited our activities somewhat as the roads have a not-so-nice layer of ice, which at times can be difficult to see, let alone drive on.
Seems as though the city of Muscatine, Iowa had their own event slowing down workflow also. As with most industries, nearly everyone with assets with value is a target. Local municipalities are not sheltered from this risk. Thankfully, the Meadow has not been targeted in recent years. In Muscatine, Iowa however several of their servers were targeted, including one used by the finance department.
The attackers used ransomware as their tool. This occurred at approximately 1am on October 17, 2018. This was very successful for the attackers. The servers were targeted and compromised. One of these included in the pool was used by the finance department, which was the Springbrook server. The other servers were used by the city hall departments and library. As this was successful, the affected departments had to use pen and paper for over a week. As of the latest report, the city officials were still reviewing what happened to allow the ransomware in. This has not been published yet.
The city officials did publish a press release on October 18, 2018 describing in general terms what happened. Fortunately the critical servers were still operating. It is notable that the city did not pay the ransom. Years ago, the city decided to purchase cyber insurance, and this proved to be a benefit, from not only being insured, however, also the insurance company was very active in the response.
To remediate this, the city or insurance company contracted with a third party to assist with the issue. They believe they were able to isolate the ransomware, and move forwards. Perhaps it would be prudent to provide additional training for the staff to be alert for general phishing attacks, USB sanitary practices, and what to not click on in the future.
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
City of Muscatine. (2018, October 18). [Archived] City of muscatine servers hit with ransomware attack. Retrieved from https://www.muscatineiowa.gov/CivicAlerts.aspx?AID=760&ARC=1030
City of Muscatine. (2018, November 2). City slowly recovering from ransomware attack. Retrieved from https://www.muscatineiowa.gov/CivicAlerts.aspx?AID=770
Coleman, S.B. (2018, November 2). Update: City of muscatine “well on the way” to return of normal operations after ransomware attack. Retrieved from https://www.kwqc.com/content/news/City-of-Muscatine-reports-ransomware-attack-497981371.html
Hanson, A. (2018, October 23). City of muscatine responds to cyber attack. Retrieved from https://www.kwqc.com/content/news/City-of-Muscatine-responds-to-cyber-attack-498364541.html
Journal Staff. (2018, November 2). Muscatine still recovering from ransomware attack. Retrieved from https://muscatinejournal.com/muscatine/news/local/muscatine-still-recovering-from-ransomware-attack/
Loging, S. (2018, November 15). Muscatine coming back online after cyber attack left them in the dark. Retrieved from https://www.ourquadcities.com/news/muscatine-coming-back-online-after-cyber-attack-left-them-in-the-dark/1600554261
WQAA Digital Team. (2018, October 19). Muscatine cyber attack targets government financial server. Retrieved from https://wqad.com/2018/10/19/muscatine-cyber-attack-targets-government-financial-server/
WQAD Digital Team. (2018, November 2). Muscatine government cyber attack recovery ‘a slow process’. Retrieved from https://wqad.com/2018/11/02/muscatine-government-cyber-attack-recovery-a-slow-process/
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.