Ransomware Attack Could Cost Modesto $1M

After the police department suffered a ransomware attack, it took the city five weeks to recover. Now it’s looking at a hefty bill for that recovery, as well as preventative measures against future incidents.

The recent ransomware attack on Modesto’s IT network may cost the city at least $1 million for expert help in recovering from it and for “additional security detection and prevention tools that may have deterred the attacker,” according to a city report.

The City Council is expected to approve spending as much as $586,645 for the expert help and as much as $497,000 annually for the security detection and prevention tools.

Modesto anticipates it will be reimbursed by its cybersecurity insurance provider for the cost of the expert help, less the city’s $100,000 deductible, according to a resolution accompanying the city report.

The Police Department’s IT network was hobbled by the Feb. 3 ransomware attack. The laptops in patrol vehicles and other technology were not working. The report states it took five weeks to recover from the attack.

Officials have said the attack did not prevent police from responding to 911 calls or put the public at risk. A department spokeswoman said last week that nearly all of the network has been restored, including the laptops in patrol vehicles.

The city report states that before the ransomware attack, Modesto’s IT Department had been working on asking the City Council to approve this month the purchase of additional security tools.

“The city was obviously planning some upgrades, but that doesn’t necessarily mean that what they already had in place was subpar,” said Brett Callow, a threat analyst with the cybersecurity firm Emsisoft, in an email. “That said, most attacks do succeed as a result of basic security shortcomings like not using MFA (multifactor authentication) everywhere it should be used.”

A city spokesman has provided the names of two cybersecurity firms that helped Modesto in the ransomware attack: MoxFive and one of its subcontractors, Entara. The spokesman has said MoxFive’s services included confirming that backups are valid and usable, and reimaging and rebuilding hardware to eliminate possible infection on servers, workstations and laptops.

A ransomware group called Snatch has claimed responsibility for the attack and last week posted 15 files on its website that it claimed contained Modesto data. Callow, the cybersecurity expert, said that generally means a city has not paid the ransom. He said that is the right thing to do because there is no guarantee the cybercriminals won’t keep the data despite being paid or sell it to other criminals.

Modesto has said personal information — including Social Security and driver’s license numbers — may have been accessed in the ransomware attack. The city in early March sent letters to people whose personal information may have been compromised and offered them one year of free credit monitoring.

The city has not said how many people received letters, but the city manager has said they were mainly city employees and almost entirely limited to Police Department employees. He has said a small number of people who don’t work for the city may have been affected, too.

Meanwhile, Oakland continues to deal with the fallout of a ransomware attack from February. The cybercriminals have posted Social Security numbers, medical records and home addresses of thousands of current and former city employees, according to CBS Bay Area News.

The news station reported that confidential information of some Oakland residents who have filed claims against the city or applied for city programs also has been released.

© 2023 The Modesto Bee. Distributed by Tribune Content Agency, LLC.