The Lake City Police Department is investigating a ransomware attack on their city network systems that resulted in the shutdown of several emergency services. The ransomware used in the attack has been detected as ‘Triple Threat’.
In a breach notification, the Lake City police have revealed that the attack occurred on May 10, 2019. The ‘Triple Threat’ ransomware program had combined three different methods of attack to target the City’s network systems. This has forced the city’s email systems, land-line phones, and credit card services to shut down.
However, all emergency services including Police and Fire are not affected by the attack. Public Safety networks have also been isolated and protected by encryption.
“Currently, all City of Lake City email systems are inoperable. Most land-line phones are also out of order. All emergency services including Police and Fire are fully operational. While other City networks are currently disabled, Public Safety networks are isolated and protected by encryption. As a result, all Emergency services remain intact,” said the notification.
The aftermath of the attack
Following the ransomware attack, the city is forced to use paper receipts and hand-written bills for most of its payment services.
“Backup systems, such as using paper receipts for utility and water payments and hand-written building permits, are being employed. Any late fees incurred by City-related payments which resulted from delays caused by this attack will be waived. Utility payments can still be made in-person at City Hall, however, credit card payments are currently not available,” the police added in the notification letter.
It is unclear if any sensitive data has been misused or compromised. However, the City Information Technology Director Brian Hawkins has claimed that no payment data would have been accessed in the attack as such data is stored off-site by third party vendors.
What actions are taken?
The city manager Joe Helfenberger has said that they are using all available resources to recover from the attack. IT staff are working continuously to isolate the infected systems and recover any lost data.