CLEVELAND — Sources have confirmed to 3News Investigates that Cleveland City Hall was indeed hit by a cyber attack and that its computers appear to be infected by malicious software that shows signs of a potential link to a known cyber gang.
Ever since the problem was first flagged on Sunday, city leaders have not publicly acknowledged that it was a cyber attack, preferring instead to label it a "cyber incident." But the actual situation appears to be much more serious, potentially involving a known cyber gang that has wreaked havoc in the United States before.
City Hall briefly reopened to the public on Wednesday, only to have its services once again closed through at least Friday. Throughout the ordeal, Mayor Justin Bibb and members of his administration have been tight-lipped.
"Our dedicated team of IT experts and other partners are working tirelessly to investigate the breach, secure our systems, and restore normal operations as quickly as possible," Bibb said earlier this week.
However, 3News Investigates has viewed screenshots of city computers that appear to be infected by malicious software, with signs that this malware is associated with a known cyber gang accused of carrying out ransomware attacks elsewhere in the country.
WKYC is not naming the cyber gang, but according to the FBI, the group has previously used ransomware to encrypt and lock victims' files before demanding a ransom in exchange for the decryption key. The cyber gang has been blamed for multiple attacks on U.S. businesses and government entities.
According to Case Western Reserve University professor and cybersecurity expert Erman Ayday, getting a ransom is often not the primary motive for hackers, since information stolen in data breaches is far more valued by criminals.
"This type of a data breach, if you use the data — if it's sensitive enough and you use the data in a strategic way — they (criminals) can make much more money than just getting the ransom," Ayday said.
Ayday also pointed to a more sinister motive for hackers who target local governments: The sensitive data "can be sold to foreign governments."
"Because this is a government agency, there's information on where first responders live, information on law enforcement and judges," he added. "It's more paranoid, but it's happening."
It's important to note that 3News has not confirmed whether there has been any ransom demand, nor do we know how much (if any) personal information of citizens has been compromised.
Malware attacks on government organizations increased by 148% in 2023 compared to the same time the year before, according to a study by the Center for Internet Security. Each year, cyber attacks cost governments in the U.S. an estimated $18 billion in downtime and recovery, per Comparitech.
In 2019, Cleveland spent at least $750,000 to recover from a cyber attack at Cleveland Hopkins International Airport that impacted its systems for several days.
Ayday says companies and organizations can't always prevent cyber attacks, but they can make it harder for hackers.
"You have to educate the people that are working for you," Ayday explained. "Because if you have many, many employees, it means that you have many potential points of failure."
Despite this, a City Hall insider who has worked there for more than a decade told 3News Investigates he has never had any required cyber training. Exactly how the hackers may have gotten into the city's system has not been specified.