City of Muscatine officials believe systems are returning to normal two weeks after the ransomware attack that disabled some city servers, according to city news release.
The attack took place at about 1 a.m. Oct. 17 and hit servers including Muscom and Muscatine City Hall. The city's Information Technology Department and cyber security specialists have been working to isolate and eliminate the ransomware, then restore the servers.
“A few years ago we decided to add cyber insurance,” City Administrator Gregg Mandsager said in the news release. “Given the increasing number of these kinds of attacks, we decided to be proactive and purchase the insurance. That decision has proven to be a good one.”
He said the insurance company was able to get additional support to fight the attack. The investigation is ongoing, but it's believed ransomware has been removed and restoration efforts are succeeding.
The IT crew had to isolate the ransomware, thereby turning off the internet connection for all city departments. Services such as paying for parking tickets, applying for permits and checking out books at Musser Public Library were unavailable and employees had to use pencil and paper.
"The City obtained outside resources to isolate the ransomware, install programs on each workstation that would monitor and report any suspicious activity, to assess what was needed to fully restore the system, and to recommend additional cyber security measures," the release read.
The average time to fully restore a system is 10 weeks, but there's no guarantee that's the amount of time it will take for systems to be fully restored. Most workstations have been restored, but many online services, such as paying for parking tickets, will be unavailable for the foreseeable future. They can be paid in person at City Hall in person or in one of the yellow boxes on some parking meter poles.
Several government entities were attacked by the ransomware or its variants in that time period, according to the release.
“You can pay the ransom and they can remove the ransomware but you can never be sure that they did not leave something behind that could come to life later and cause more damage,” Mandsager said.
Additional security measures are being reviewed and implemented.
For more information, call City Hall at 563-264-1550.