In wake of Good Friday cyberattack, city of Abilene replacing all desktops, laptops

The city of Abilene is still in recovery mode after a cyberattack from foreign hackers was discovered over six weeks ago, city officials said in a statement Monday. Recovery efforts mean replacing the city's network infrastructure including all desktops and laptops.
Hackers encrypted and deleted city data in the ransomware attack, demanding the city ante up to get its information back, according to the statement. The city has no intention of paying a ransom.
On April 18, city officials detected that city servers were unresponsive and began investigating the outage, city officials said in the statement.
After the city's information technology department determined a foreign actor had compromised the city computer systems, the full network was shut down around 7 a.m. April 18 to prevent any further intrusion or data loss, the statement said.
'They encrypted data and deleted data off our servers," Troy Swanson, IT director, said.
Swanson said the hacking group compromised the city's network and accessed administrative credentials. They also attempted to uninstall antivirus software and remove other protective measures.
The city was given a deadline of May 27 to pay a ransom to restore the stolen data, an estimated 477 gigabytes.
According to the statement, 477 gigabytes is equivalent to around 238.5 million pages of PDFs or 48 hours of 4K streaming on Netflix.
A Comparitech.com article noted that Russia-based ransomware group Qilin claimed responsibility for the cyberattack, the Abilene Reporter-News reported May 20.
Qilin 'runs a ransomware-as-a-service business in which affiliates pay to use Qilin's malware to launch attacks and collect ransoms,' the May 19 Comparitech article said.
In city officials' statement Monday, they stated communication was made with the suspect hacking group claiming responsibility to understand the nature of the information taken.
The city statement did not name Qilin.
City officials determined they will not aid or abet the perpetrators otherwise and will not pay the ransom, the statement said.
The city statement on Monday did not state the dollar amount of the ransomware the hackers sought.
More: The city of Abilene says it will not pay ransom to cyberattackers
'I was involved in the acquisition of our cyber insurance because of my role in overseeing risk management,' Mike Perry, director of the city's office of professional standards, said. 'Fortunately for us, we increased our insurance coverage last year.'
Perry has assisted in the investigation with his background in law enforcement and in his role as a city administrator to work with the cybersecurity team hired by the city's insurance company to mitigate damage and help with recovery efforts, the statement said.
When threat actors attack a network, Perry said they encrypt data so it's hidden from the entity it belongs to. Then perpetrators ask for a ransom to unencrypt and recover the data.
While the data may be valuable, 'we're also not going to bow down to a criminal organization' as there is no guarantee the data will be recovered or not sold on the "Dark Web," said Perry, who was an Abilene assistant chief of police for 12 years.
As of May 28, there have been no indications Abilene's information has been misused or residents' information has been used or released, Perry said.
He said the amount of data taken appears to be relatively small compared to the city's total storage capacity.
'We're currently in this pattern of waiting to see if and when they're going to publish the data,' Perry said. 'There's not a lot more dialogue to be had because we've told them we're not going to pay the ransom.'
The investigation is ongoing and the exact information taken by the hackers is unclear, Perry said.
City employees and Abilene residents are asked to actively monitor their credit card and other accounts for data breaches and to report anything suspicious, the statement said.
As network functionality is restored, the city will release periodic updates until all functions and points of access are fully operational, the city statement said.
Information will be released by the city as needed and with limits to ensure the ongoing investigation is not compromised, the city statement said.
Swanson said staff are in the process of replacing all network infrastructure, including servers, storage, phones, desktops and laptops. They were able to restore core services quickly after the attack.
"By doing so, we will create a new cyber secure environment that we can assure is set up for the future and not able to be compromised," he said.
The main push has been to supply city employees with desktops and laptops so they can perform their functions, Swanson said. There have been interim measures taken so employees can perform work, he said.
While there still will be hurdles to overcome, residents and employees should expect the majority of day-to-day functionality to be restored soon, he said.
The city hopes to be fully functioning in a few months, Swanson said.
Citing the cyber attack discovered April 18, the city of Abilene filed a catastrophe notice and then an extension to enable it to temporarily suspend the requirement to provide public information under state law, according to a Texas Attorney General's Office database.
In total, local officials tapped into a state measure allowing the city to forego responding to citizens' open records requests from April 22 through May 5, according to an April 29 report from ARN.
Cyberattacks are an ongoing threat in the digital landscape and have become a new type of emergency which organizations must endure, Swanson said.
Cities and municipalities recently affected by cyberattacks include the Texas cities of Mission, Richardson and Killeen, city officials said.
Other cities targeted by cyber attacks include Baltimore, Maryland; Cleveland, Ohio; White Lake Township, Michigan; Arkansas City, Kansas; and El Cerrito, California, city officials said.
Early or on Election Day: What to know about voting in Abilene City Council runoff race
Development Corporation of Abilene seeks approval for $3.5 million Project Surf incentive
This article originally appeared on Abilene Reporter-News: City of Abilene in full network shutdown after cyber attack, ransom demand

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

CBS News

22 minutes ago

• CBS News

Northbound lanes closed after 2 killed, 1 hurt in multi-vehicle crash on I-55 in DuPage County

Two people are dead and one other was hospitalized following a multi-vehicle crash early Sunday morning on Interstate 55. The crash happened just before 3:30 a.m. on northbound I-55 south of Lemont Road in DuPage County. Illinois State Police said troopers responded to a three-car crash, where two people were confirmed dead at the scene. Their identities were not released. A third person was taken to an area hospital with unknown injuries. All I-55 northbound lanes are closed with traffic diverted off at I-355. The ramps from I-355 to I-55 northbound are also closed. No further information was immediately available. CBS News Chicago will continue to update.

Yahoo

41 minutes ago

• Yahoo

1 Dead, at Least 9 Injured After Mass Shooting in South Carolina Near Veterans' Center: ‘Hundreds of People Scattered'

One person has died and nine others are injured following a shooting in South Carolina on Saturday, June 21 The incident occurred near the Veterans of Foreign Wars post in Anderson County during Juneteenth celebrations, according to the Anderson County Sheriff's Office The suspect in the mass shooting has not yet been identifiedOne person has died after nearly a dozen people were shot during Juneeteen celebrations in South Carolina. On Saturday, June 21, police responded to reports of 'multiple people shot' near the Veterans of Foreign Wars post in Anderson County amid the county's sixth annual Juneteenth celebration, the Anderson County Sheriff's Office stated in a news release shared on Instagram. 'At least 10 people were gunned down in a neighborhood along Scarborough Road after a fight ensued on the street and shots rang out,' said the ACSO, per the release. "Right now, deputies can confirm one person is unfortunately dead, one patient was flown to Greenville Memorial Hospital and at least 8 others were taken to nearby hospitals, including in Anderson and Greenville." Officials described the incident as 'a chaotic scene' as the shooting left 'hundreds of people scattered, leaving behind shoes and debris in the roadway,' per the release. The shooting occurred just before 11:00 p.m. local time, the New York Post reported. In footage posted by the ACSO on Instagram, several police cars can be seen stationed on a closed-off road following the incident. More than 100 law enforcement personnel, emergency medical services, firefighters, troopers and the South Carolina Department of Natural Resources responded to the scene. 'The shooting occurred outside within feet of a Veterans of Foreign Wars, however, the post does NOT have any affiliation with the event itself,' said the ACSO, per the release. Want to keep up with the latest crime coverage? Sign up for for breaking crime news, ongoing trial coverage and details of intriguing unsolved cases. The suspect has not been identified at this time. "This remains an active investigation and detectives and deputies continue to work this unfolding scene," the ACSO concluded, per the release. The Anderson County Sheriff's Office did not immediately respond to PEOPLE's request for comment on Sunday, June 22. Read the original article on People

Yahoo

an hour ago

• Yahoo

Killer Roads In Dallas: What Highways Ranked Among Nation's Most Dangerous?

A new report examining tens of thousands of U.S. roads shows that some Dallas area highways rank among the deadliest in the country. Future Bail Bonds study examined data from 96,000 roads nationwide from 2019 to 2023. Three Dallas County highways ranked among the 150 deadliest roads in the country. The report leveraged the latest National Highway Traffic Safety Administration (NHTSA) data. I-30 was found to be the deadliest roadway in Dallas, recording 76 fatal wrecks during the examination period. Nationwide, it ranked 23rd overall in terms of fatalities and the fourth-deadliest in the state. This is not the first time I-30 has been included on a list of the most dangerous roads. Earlier this year, The Dallas Express detailed a report from that ranked the interstate the fifth worst for fatalities in 2022. According to the latest study, two other local roadways were listed among the top 150 deadliest. Loop 12 ranked No. 115 in the United States, registering 45 fatal wrecks between 2019 and 2023. I-635 was listed at No. 132 in the country, recording 43 crashes during that period. I-15 in San Bernardino County, California, which runs from Southern California to Las Vegas, was considered the deadliest road in the country. The roadway logged 196 fatal car crashes in the reporting period. Within Texas, I-45 in Houston had the highest number of fatal vehicle wrecks at 88. The roadway from Dallas to Galveston was considered the 16th deadliest in the nation. 'From 2019 to 2023, motor vehicle crashes claimed 186,284 lives across 96,257 roads in the United States, underscoring the persistent danger on American roadways,' the report said, per CultureMap Dallas. In 2024, the Dallas City Council passed a measure to lower the speed limit from 70 to 65 miles per hour on a portion of U.S. 75 Central Expressway that is considered particularly dangerous. As part of its Vision Zero plan, the city has targeted eliminating all traffic-related deaths and cutting severe injury crashes by 50% by the end of the decade.