CLEVELAND — The city of Cleveland has confirmed that the "cyber incident" that has disrupted its IT operations this week is due to a ransomware attack, a development that was first reported by 3News Investigates on Thursday.
In a statement issued on Friday, the city says "the nature of the attack is still under investigation while we work to restore and recover our systems. At this time, we cannot disclose anything further. While the threat has been identified and contained, this continues to be a sensitive and ongoing matter."
Cleveland City Hall will remain closed to the public on Monday, although city officials say "essential services, including waste collection, recreation centers, operations at the airport, Cleveland Public Power, Water and Water Pollution Control, are functioning and operating normally to ensure the continued well-being and safety of our residents."
3News Investigates also obtained the following email from City Hall to city of Cleveland employees:
"After a thorough investigation by our IT Department, led by Commissioner Kim Roy Wilson and external cybersecurity experts such as the FBI and the Ohio National Guard’s Cyber Reserve Unit, we can confirm that the cyber incident that disrupted the City of Cleveland’s IT systems is a ransomware attack. The nature of the attack is still under investigation while we work to restore and recover our systems. At this time, we cannot disclose anything further, as this is a sensitive investigation."
3News Investigates has viewed screenshots of city computers that appeared to be infected by malicious software, with signs that this malware is associated with a known cyber gang accused of carrying out ransomware attacks elsewhere in the country.
WKYC is not naming the cyber gang, but according to the FBI, the group has previously used ransomware to encrypt and lock victims' files before demanding a ransom in exchange for the decryption key. The cyber gang has been blamed for multiple attacks on U.S. businesses and government entities.
According to Case Western Reserve University professor and cybersecurity expert Erman Ayday, getting a ransom is often not the primary motive for hackers, since information stolen in data breaches is far more valued by criminals.
"This type of a data breach, if you use the data — if it's sensitive enough and you use the data in a strategic way — they (criminals) can make much more money than just getting the ransom," Ayday said.
Ayday also pointed to a more sinister motive for hackers who target local governments: The sensitive data "can be sold to foreign governments."
"Because this is a government agency, there's information on where first responders live, information on law enforcement and judges," he added. "It's more paranoid, but it's happening."
According to the city of Cleveland, "over the last six months, attacks of this type have increased by 50+ percent, a stark reality that no organization is immune to the costs and consequences of operating in the digital world."