A “foreign actor” compromised city computer systems, officials said in a news release, and on April 18 they shuttered the network in response. Leaders began working with their insurance company and a cybersecurity attorney and started restoring critical systems, according to the release.
A “known hacking group” communicated and exchanged information on 477 gigabytes of data said to be stolen; the group had accessed administrative credentials and tried to uninstall antivirus software and other protective measures.
“We are in the process of replacing all the network infrastructure, including servers, storage, and all the desktops and laptops,” Director of Information Technology Troy Swanson said. “By doing so, we will create a new cyber secure environment that we can assure is set up for the future and not able to be compromised.”
Mike Perry, director of the city’s Office of Professional Standards, said in a statement the situation is somewhat ongoing.
“We’re currently in this pattern of waiting to see if and when they’re going to publish the data,” said Perry, who indicated he was involved in Abilene’s purchase of cyber insurance. “There’s not a lot more dialog to be had because we’ve told them we’re not going to pay the ransom.”
The city increased its cyber coverage last year, he said. While its investigation continues, Perry said, the amount of data taken appears relatively small compared to total storage, and there is no indication that it has been misused.
The Fox West Texas affiliate earlier reported officials had indicated they would not pay a ransom to the “criminal group” Qilin by a May 27 deadline.
The city, Swanson said, hopes to be fully functional again within a few months. Its core functions such as fire, police and water services continued to operate through the outage, and critical infrastructure wasn’t lost.
“Our main push is to get desktops and laptops back in the employees’ hands so they can continue to perform their functions,” Swanson said. “In many cases, there have been stopgap measures or interim measures to perform work, but we have many time-bound and funding-bound business practices that we are standing back up, and we’ve been relatively successful at that.”