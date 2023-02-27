Oregon City officials are beefing up protections against network attacks and still determining how much forensic and legal fees are being spent after a hacker recently disrupted city services.
First the good news: Oregon City carries insurance to pay for these types of “sophisticated ransomware attacks,” and it appears that no one’s personal data was hacked, said Oregon City spokesperson Jarrod Lyman.
“Based on the city’s investigation, there is no reason to believe that any sensitive data or personal information was accessed during the incident,” Lyman said.
The hacker had gotten stuck behind Oregon City’s network firewalls and had demanded a ransom even through the hacker was not able to access the city’s network. Oregon City didn’t pay the ransom; officials shut down parts of the network as a precaution, then carefully began turning them back on with backed up data.
“The city’s investments in backup technology have allowed the city to recover from this incident without paying a ransom,” Lyman said.
Extra costs to Oregon City for hiring third-party specialists brought in to assist are still being tabulated and will be billed to the city’s insurance. Lyman thanked “nearly around-the-clock efforts” from Oregon City IT staff, Polar Systems and third-party specialists for helping resolve the situation.
Ransomware attacks are common against public agencies statewide and nationally. In January 2020, Tillamook County paid $300,000 to restore computer services after its system was hacked. Six months later, the city of Keizur shelled out $48,000 to a hacker to regain control of its municipal computer system. In May 2021, the Centennial School District in Multnomah County was hit with a ransomware attack but was able to restore service without paying.
More than two weeks after Oregon City officials announced that city employees were unable to access “certain” online files, basic city services were still being affected by what they were simply calling a “network disruption,” declining to discuss the hacker at the time out of concern for protecting the ongoing investigation.
In addition to the city’s previously reported inability to issue land-use permits due to the computer problems, Oregon City had to cancel a City Commission meeting on Feb. 15 and was unable to process supposedly automatic payments through utility customers’ bank drafts.
Oregon City’s Utility Customer Service Department normally processes payments through customers’ bank accounts on the 20th or 21st of each month, but on Feb. 21, city employees were unable to process about 900 monthly payments.
City officials had to mail an extra letter explaining the autopay failure to hundreds of customers who did not receive penalties for late payments. Officials have apologized to citizens for delays and inconveniences resulting from a hacker shutting down various systems.
“We understand the downtime of our services was a source of frustration and inconvenience for our residents and all who do business with the city. We thank our employees and residents for their patience and cooperation while the city undertakes the thorough, methodical process necessary to recover from such an incident,” Lyman said.
Oregon City employees discovered their inability to access some computer and telephone systems on Monday morning, Feb. 6. City offices and public buildings have remained open while the city immediately launched an investigation.
While the investigation of this incident continues, Lyman said that efforts are already being made to prevent future similar incidents.
“Part of the process is taking steps to increase the security and resiliency of the network to decrease the chances of anything like this happening again,” he said.
Lyman said on Feb. 27 that city is hoping to resolve the situation with full data recovery and restoration by the end of the week. Some of the monthly utility bills were processed a week late, but the automatic billing is back up and running, Lyman said.
Some city phone systems were down in the wake of the network disruption but are now functioning. OCPD operations were never affected by the incident.