The costs of recovering city data and preventing future digital strikes have already exceeded the ransom demanded by the hackers who locked it up in the first place.
At a Keizer City Council meeting Monday, July 20, the council approved three contracts for services related to the hacking of city computers in June. On June 10, hackers locked up the city’s data behind a digital wall and required a $48,000 ransom payment before turning over the keys to unlock it. So far, the city has paid at least $60,000 to recover from the hack.
To handle negotiations with the hacker, the city contracted with New York-based Arete Advisors. Arete provided negotiation services, is conducting a forensic analysis and installed a new virus scanner to determine whether additional viruses or malware are present in the city’s network. The cost for those services was $36,230.
The payment of the ransom and a 2 percent transaction fee was covered by the city’s cyberinsurance provider. The transaction fee covered processing charges for paying the ransom through Bitcoin, a nearly-impossible-to-track cryptocurrency. Arete also sold the city a new virus protection program, SentinelOne, to protect against future attacks. The cost is $12,418 for a 36-month subscription, and the program covers 160 computers.
“We are implementing a lot of new processes and a new virus package that should be able to stop a future attack,” said Tim Wood, Keizer’s finance director.
Wood said the new protection software would have stopped the virus before it entered the city’s computers and uses “active intelligence” to keep up-to-date on the latest virus threats. “It definitely has more meat than the one we were using and they offer a ransomware warranty – that’s how much they stand behind their product.”
In addition to those costs, the city will pay between $10,000 and $15,000 to Lewis Brisbois Bisgaard & Lewis, a Portland-based law firm, for legal assistance in facilitating the forensic investigation and assessing consumer and regulatory notification obligations.
Wood said city computers are almost completely up and running, but there may be additional costs as the recovery continues.
“We are rolling out two-factor authentication to all of our endpoint and network users and still have a lot of things in the works,” Wood said.
Two-factor authentication requires users to enter two pieces of authentication – such as a password and a numeric code sent to a cell phone – before granting access to a network or computing device. The city is also planning to change internet service providers as an additional layer of protection. Comcast currently provides the internet connection for city computers.
Wood said the city would be supplying the public with additional information regarding the hack at a future date once the forensic investigation wraps up.