The City of Johnson City is taking measured steps to reconnect all computer network systems following an apparent ransomware attack early Monday morning. The note left by hackers did not demand money but indicated some City files had been locked and told users to contact them regarding their release. City staff did not engage the hackers.
"Thankfully, our Board of Commissioners invested in a hyperconverged Storage Area Network (SAN) that became operational three weeks ago, and that has enabled us to restore our files in half a day as opposed to several," said Lisa Sagona, Information Technology director. "We also were able to fully restore as opposed to losing more than a week's worth of information from a less sophisticated type of backup."
While data has been restored, IT staff are methodically bringing operations back online to ensure there are no lingering effects from the threat.
City staff were asked to shut down computers Monday morning while the issue was identified and resolved. Some transactions typically completed electronically were conducted via paper. Phone systems were not affected.
"We have contingencies in place to ensure business continuity," Sagona noted. "While a breach is the last thing we would ever want, we were prepared and able to mitigate the impact on City operations."
Financial software and customer credit card information were not compromised. There is no indication that any personal information was accessed in the attack.
"It is highly unlikely that the hackers obtained any actual data," said Michael Mingle, a senior systems engineer with BCTI, which provides technology support to the City. "In 99 percent of these types of attacks, they are looking for ransom money, not information. In our service area alone, we are seeing about one to two of these a month."
As cyber attacks have become more frequent, particularly in government settings, the City of Johnson City has placed a priority on technology security. Implementation of the SAN is one of the many security enhancements completed in recent months. In addition to moving forward with the scheduled improvements currently in progress, the IT Department will review today's incident to determine if other security measures should be added.