As of Wednesday late afternoon, Jan. 8, the city phones are back up and running.
The city still battles against ransomware, which infiltrated the city’s computer network three weeks ago. Communications, including both email and phone systems, are still limited, with the city resorting to one phone line per department.
IT experts from across various agencies are working on the issue, but that is proving to be a slow process.
“The city received valuable assistance and advisement from Cal OES (California Office of Emergency Services), including a single use wireless device,” Interim City Manager Tom Haglund said. “The County of Sacramento loaned the city a server, which is in use.”
IT personnel are waiting for the “go ahead” from experts before starting up the email system.
“The structure that supports the city’s email will be rebuilt as soon as the experts evaluating the occurrence give the city the green light to proceed with the rebuild,” Haglund said. “Likely that email will look similar to before the event but will operate much more efficiently.”
Haglund said that the phone system also is waiting for a thumbs-up from the experts.
“The city’s phone system is also being rebuilt,” Haglund said. “It will take some time after the city receives the green light from our forensic experts before that can be completed. In the meantime, the temporary numbers for each department are working well.”
Faced with a utility bill due date, Haglund assured The Galt Herald that customers could still securely pay their city bills through the city’s website, which is hosted by a third party. In addition, checks will be accepted through the city hall drop box and in person at the city finance department window. Residents can also pay in cash at the finance department; however, no credit/debit cards can be processed at the city.
Those on auto payment plans should have already seen a draft from their bank account on the due date Jan. 6. However, Haglund said, if that was delayed due to the city computer network issues, no late charges will be applied to the customer.
Accusations, frustrations and finger pointing has run rampant on social media, with many posters attributing the delay in the system reboot on a lack of backup and incompetence within the city. Others have complained about what they feel is a lack of transparency by the city.
According to a social media post by Councilman Shawn Farmer, he assured residents that the city was doing its due diligence.
“Info is being left out intentionally because we have been advised by DOJ, FBI and DHS to do so,” Farmer said in a Facebook comment earlier this week. “This was a crime of significant scale and is being dealt with as such. For that reason and others, information to the public is on a limited ‘need to know’ basis. Your elected Council Members, including myself (as your representatives), are briefed in great depth on a daily basis and are privy to everything that is transpiring and our progress. I ask that everyone please be patient with the lack of info and thank you all for your understanding.”
According to outside news sources, Galt is among 70 state and local governments across the U.S. that suffered ransomware attacks in 2019. And, according to experts, cyber attacks have proven quite lucrative for the cybercriminals, which mostly hail from outside the country.
“The business model for the ransomware operators for the past several years has proved to be successful,” Chris Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said in a press statement last year. “Years of fine-tuning these attacks have emboldened the actors, and you have seen people pay out — and they are going to continue to pay out.”
Krebs said some agencies choose to pay the ransom despite warnings from the FBI that meeting ransom demands only encourages more attacks.
At the Dec. 17 Galt City Council meeting, Haglund said that the city of Galt has chosen not to pay any ransom. He said that oftentimes even though you pay the ransom and the computer files are released by the cybercriminals, the ransomware lies dormant for a time period and resurfaces only to lock up the city’s system once again until another ransom is paid.
The plan, instead, is to eradicate the malware and reboot the system using backups, that is, once the backups are cleared as well.
Ransomware is different than hackers who are looking to steal information. Ransomware encrypts the victim’s information, making it inaccessible until the malware is removed, whether through an encryption key or completely wiped and starting from the beginning, resulting in data loss.