Cyber hackers, believed to be from Russia, encrypted thousands of files from the Fresno Council of Governments, demanding an $8,000 ransom. The public agency declined to pay and lost access to the files.
Fresno COG called it a “catastrophic loss of data to the agency.”
The agency’s members are the 15 incorporated cities of Fresno County, as well as the county itself. Fresno COG mainly deals with transportation and land-use issues.
The incident happened during a weekend data backup in September. According to a staff report presented at a board meeting to discuss the issue, “a multitude of plans, reports, studies, memos, correspondence, and particularly public outreach-related files, were encrypted in the attack beyond staff’s ability to retrieve it.”
However, other files such as finances, modeling, and mapping were “largely unaffected.” According to deputy director Robert Phipps, those files were not connected to the internet. No personal data was stolen or lost.
A Targeted Attack
“It occurred just at the moment that we were backing up our system over the weekend,” Phipps said.
Phipps said they discovered the attack the following Monday when staff returned to work. The hackers posted a screenshot on the server and sent an email demanding $8,000 in bitcoin to unlock the files.
He said the hackers were monitoring Fresno COG’s system and knew the best time to attack. He also said that the attack wasn’t the result of an employee clicking on a phishing scam link.
The attack, which penetrated the network’s security system, locked down Fresno COG’s computers.
“(The hackers) were simply interested in freezing everything up so that we would pay a ransom to get it back, to have it decrypted,” Phipps said.
Fresno COG immediately reported the incident to the FBI and Secret Service. The malware is believed to be the Phobos virus. Phipps said Russians are likely behind the attack.
The FBI and Secret Service didn’t respond to a request for comment from GV Wire.
Fortunately for Fresno COG, much of the lost data was already stored on its website, or the information was retrieved from old emails.
Decision Not to Pay
The decision not to pay the ransom came from Fresno COG director Tony Boren.
“(The decision) was in corroboration with law enforcement, because we did consider paying it,” Phipps said of the process. “We knew that it was going to cost us a lot more.”
Phipps noted that in other cases of cyber attacks, hackers would unlock the files, only to lock them again. Or the hackers would never unlock the data despite being paid.
“So, hopefully over time, we’ll have enough local jurisdictions that realize that it’s not going to profit them ultimately to pay these terrorists. We can only hope that it goes on the decline,” Phipps said.
Public Agencies Vulnerable
Earlier this year, “60 Minutes” investigated cyber attacks on government computers from jurisdictions of all sizes, from the big city to the small town.
“This was certainly not a unique experience,” Phipps said.
In response to the attack, the policy board voted Wednesday to purchase security software from AMS.net for $124,000. A staff report described it as “similar to that of a completely new IT system.”
The city of Fresno provided internet services through a contract to Fresno COG prior to the attack. They cut service once the attack happened. Fresno COG has utilized Comcast since then.
The city was not affected by the attack.