Going analog with pen and paper in the city of Muscatine.

It’s what city employees had to deal with during the past month after a cyber attack crippled their servers.

Ransomware was found in several servers in city hall and one that is used by MUSCOM, the dispatch center.

It was launched early morning Oct. 17.

To address the threat, the I.T. Department had to cut the connection to the internet, which kept city employees from logging in.

While most can log back onto computers no, the threat is not over.

Ransomware is the fifth most common form of cyber incidents. That’s according to the 2018 Data Breach Investigations Report published by Verizon.

While it said ransomware is a particularly problem-some issue for the healthcare industry, no one is immune.

From personal computers to governments, the attack locks people out.

Muscatine Communications Manager Kevin Jenison said, “Kind of an easy target just because of the number of people involved.”

Slowly coming back from the darkness.

Jenison said, “They had to write stuff down, keep a log that way.”

Facing weeks with little use for a mouse, city employees are finding themselves connecting back to the network.

“Most of the systems are back up and working,” said Jenison. “Especially here at city hall.”

But just a few blocks away, the connection is still waiting for a complete reboot.

Jenison said, “The one we’re having the most problem with is the new library. That’s a new system.”

Kevin Jenison, communications manager for the city, said while employees have regained access to their computers, the one for the public remains shuttered. 
It’s meant long hours for the city’s I.T. Department. 

Jenison said, “24/7 type thing since the attack occurred.”

Ransomware attacks lock up a network and then demand payment to regain access.
But the city decided not to fork over the case; instead, going through the impacted servers to hunt down the threat.
While I.T. completes efforts to isolate and eliminate, Jenison said they’re benefiting from forethought.

Jenison said, “Bought the insurance several years ago, not ever expecting that we would need to use it.”

Their insurer is providing additional resources, which is helping to move the recovery process along but that’s not expected to be complete until near the first of the year.

Jenison said, “A lot of systems and workstations that need to be checked and double-checked.”

The next step then is what else the city can do to save themselves the pain of another attack.

Jenison said, “These hackers are very smart, and they’re getting better all the time.”

Jenison told Local Four News, one thing the city is fairly confident there was no data breach. 

“That’s also part of the investigation. From what I’ve been told from the early reports is that we didn’t lose any data as everything is protected and of course, we don’t store credit card information or anything like that,” he said. 

The city is working with the FBI to investigate the attack. 

For some advice to prevent and deal with ransomware, visit this link