• The ransomware attack led to the disabling of all servers and turning off the internet connection for all city departments.
  • Moreover, employees were not allowed to log in to the systems.

On January 10, 2019, the City of Del Rio, Texas was hit by a ransomware attack. Upon learning of the incident, the City Hall’s Management Information Services (MIS) turned off the internet connection for all city departments to prevent the ransomware from spreading. All servers were disabled and disconnected from the Internet in order to contain and analyze the ransomware.

Further, employees were not allowed to log in to the systems. As a result, all transactions at City Hall were done manually on paper, with no access to any documents or data stored on the City Hall's systems.

What was the immediate action taken?

The City Hall of Del Rio, Texas published a post on its website stating that the City Hall was attacked by ransomware. The post also outlined the steps taken to address the issue.

  • Upon learning about the incident, the City Hall reported the incident to the FBI, after which the city was referred to the Secret Service.
  • The City Hall’s MIS turned off the internet connection for all city departments.
  • Employees were forbidden to log in to their systems.

“The City is diligently working on finding the best solution to resolve this situation and restore the system. We ask the public to be patient with us as we may be slower in processing requests at this time,” the post read.

“Around 30 to 45 computers were turned off after detecting the attack during the morning of January 10 and the ransom note contained a phone number to be used to contact the attackers for instructions on how to pay the ransom,” Victoria Vargas, PR Manager at the City Hall, told BleepingComputer.

According to Vargas, the ransom note stated that the files on the compromised systems were encrypted. However, the name of the ransomware strain used in the attack, other details of the ransomware, and whether any employees' or customers' personal data was involved in the attack remain unknown.

Cyware Publisher