The Middletown Press (Middletown, CT)
Town hacked twice in 2 weeks
Ransomware demanded up to $8K in digital currency
PORTLAND — For the second time in two weeks, the town has been the target of a ransomware attack on its computer system.
The system was attacked March 9. And no, town officials said, “it was not the Russians.”
The staff of the town’s IT department, a local support company and a forensic engineer worked through the weekend and into this week to restore the system.
“There was minimal disruption, thanks to the swift action of Dave Kuzminski and Kevin Armstrong,” First Selectwoman Susan S. Bransfield said.
Kuzminski is the town’s technology coordinator, while Armstrong is the assistant coordinator. “We confirmed that no personal information was involved or affected,” Bransfield added.
Earlier this month, a similar attack struck the town’s system.
“That was version one,” Kuzminski explained earlier this week. “This incident was version two, and it was much more
sophisticated and went after our backup.”
“Ransomware is a subset of malware in which the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim,” according to a definition on searchsecurity. techtarget.com
The definition explains the meaning of ransomware, also sometimes called cryptoviral extortion.
The most recent attack occurred at 1 a.m. Friday. A little more than two hours later, a similar one struck the state’s judicial website. It was not immediately clear if the two attacks Friday were related.
The assessor’s files were “locked,” meaning Assessor Richard J. Lasky Jr. could not access the files. “There was a ransom note” on the screen informing the town that its files were blocked and demanding a payment to release them, Armstrong said. The demand was to pay $2,000 in Dash, a digital currency like the more famous Bitcoin, “on the ‘dark web,’ ” Armstrong explained. The ransom demand was $2,000 within two days, $4,000 for four days; after that $8,000, Kuzminski said.
“We choose to do everything we can not to pay,” Armstrong said. “Paying just makes you a future target. So, you do what you can to not stoop to paying a ransom.”
Kuzminski and Armstrong notified Bransfield, who in turn contacted Decian, Inc., an IT support company with headquarters at 269 Main St. She also notified the police, “because this is a crime,” Bransfield said. The department notified state police and the FBI. Relying on a recommendation from the town legal firm Murtha Culina, the town also brought in a forensic engineer from Synacktek in Shelton.
Together, “We took a deep dive into the server,” Armstrong said.
They determined the malware attack came from a server in Romania, Armstrong said. But that does not mean the people who launched the attack actually live in Romania, he said.
“We have made, and will continue to make, some new improvement in safeguarding the system,” Bransfield said.
The town will also undertake “a concerted employee education process. We certainly plan on doing better going forward,” she said. “Nothing left us — no personal information got out. It was locked.”
“It’s the price of doing business,” Armstrong said earlier in the week. “This is one of the pitfalls, so to speak, of technology. There are bad people out there all the time.”
“It could have been a lot worse,” Kuzminski added.