Officials in the City of Del Rio have disabled the internet connection for all departments at City Hall following a ransomware attack.
The City of Del Rio, which is located 152 miles west of San Antonio in Val Verde County, Texas, posted a statement to its website disclosing the attack. The statement, however, mainly offers insight into the aftermath of the infection. As City officials explain in their bulletin:
The first step in addressing the issue was for the City’s M.I.S. (Management Information Services) Department to isolate the ransomware, which necessitated turning off the internet connection for all city departments and not allowing employees to log into the system. Due to this, transactions at City Hall are being done manually with paper.
Victoria Vargas, public relations manager for Del Rio’s City Hall, explained to Bleeping Computer that the City turned off approximately 30-45 of its computers following its detection of the attack on 10 January. She didn’t disclose whether the offending ransomware strain’s identity was known or whether it compromised any employee data or customer information.
She did reveal some unique elements of the ransom note, however. For instance, she stated that the note gave a phone number rather than an email as the way for Del Rio’s City Hall to contact the attackers and pay the ransom if they so wished. The message also apparently didn’t state the exact amount of the ransom to be paid.
After disabling its internet connection, officials notified the FBI about the security incident. The FBI, in turn, referred them to the Secret Service.
This isn’t the first time that a city has suffered a ransomware infection. In early 2018, the City of Atlanta experienced its own attack that affected several customer-facing systems, including one used by customers to pay bills and access court-related data. Officials ultimately learned that the incident had wiped out years of dashcam footage generated by the Atlanta Police Department.
City governments should take steps to defend themselves against ransomware attacks. For instance, they should back up their information on a regular basis. They should also ensure that they have a robust patch management strategy in place.