Ransomware attack paralyses Lake City email, landlines and credit card services

Lake City  has warned citizens that administrative systems, including email and credit card systems, are down following a ransomware attack on the Florida municipality.

Cloud Native Now

The attack, called “Triple Threat” in a press release issued by the city, reportedly combined three attack vectors to infect government endpoints, crippling the city’s administrative email systems, as well as landlines and credit card payments. Emergency services, however, remain untouched, according to the release.

“Currently, all City of Lake City email systems are inoperable. Most land-line phones are also out of order,” the release reads. “All emergency services including Police and Fire are fully operational. While other City networks are currently disabled, Public Safety networks are isolated and protected by encryption. As a result, all Emergency services remain intact …  however credit card payments are currently not available.”

The city’s administration has resorted to pen-and-paper operations, as is typical when ransomware hits critical infrastructures and government institutions.

“Backup systems, such as using paper receipts for utility and water payments and hand-written building permits, are being employed,” city officials say. “Any late fees incurred by City-related payments which resulted from delays caused by this attack will be waived. Utility payments can still be made in-person at City Hall…”

City Manager Joe Helfenberger assures Floridians residing in Lake City that administrators are using every available resource to recover from the attack. IT staff have isolated the affected systems to prevent the ransomware from spreading, and the city has enlisted the help of a consultant who is well versed in ransomware.

The city’s IT chief says that, while systems are shut down, there is currently no evidence that any sensitive data has fallen into the wrong hands. For example, those concerned that the hackers might have stolen their credit card information are told to rest assured that this data is stored off-site by third party vendors and would not have been accessed in an attack like this.

Most city departments are operating using Emergency Operations cell phones. Any critical information will be released through the Lake City Police Department’s Facebook page, officials said.

The notice falls short of saying how the attack occurred.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: