2020-02-21
PADUCAH, Ky. (KFVS) - Paducah city workers now have access to servers and records that were impacted by a recent IT security incident.
According to Paducah City Manager Jim Arndt, IT systems and file storage are back online and operating securely.
The City’s team consulted outside experts and an insurance provider to create a solution.
Arndt said they ultimately decided to rebuild certain systems from scratch and unlocked others by purchasing decryption keys from the threat actor for a payment of about $30,000.
Officials said they learned of an unauthorized intrusion into the IT systems on Saturday, Feb. 1.
An unknown third party used malicious software to compromise city systems and encrypt data files. They demanded payment from the city in exchange for decryption keys to restore access.
The city’s team identified and corrected the issue that allowed unauthorized access and security scans, Arndt said.
Arndt said they did not find malicious activity from within the network.
They did not find evidence that files or data were removed from the city’s systems.
Arndt said there is no indication any information was misused as a result of the incident.
Arndt said when they learned of the incident, the city disconnected impacted servers and began an investigation and response with the assistance of independent IT security and computer forensic specialists.
City officials said decryption was the quickest and most cost-effective way to restore access to the technology and important records. It also allowed for the most thorough forensic review of the city’s systems, according to Arndt.
Recovering the systems included a process of restoring and performing security inspections on individual servers before they were brought back online one by one.
Arndt said the city’s IT team tested and restored nearly 300 IT machines. The machines have been loaded with advanced active threat detection software.
City officials said they have reconfirmed the security of their email system.
They said they have also put measures in place to ramp up security. New security measures include system-wide password resets and use of advanced active threat detection.
Arndt said they are using the incident as an opportunity to replace older IT equipment as well.
Other security measures are also being looked at to strengthen the city’s defenses and protocols.
City employees will get new cyber security training. Arndt said the training was scheduled before the IT incident as part of the 2020 Strategic Plan.
City officials said the intrusion into the IT systems had only a minor impact on city business.
