In the early morning hours of July 27, a ransomware cyberattack on the City’s computer system disabled network services, resulting in disruptions to phone service, email, and online payment and reservation systems. 9-1-1 and emergency dispatch services were not affected. Staff detected the infection and ransom notification at approximately 6:50 a.m. and disabled all network connections to contain the spread of the malware. Mutual aid from neighboring jurisdictions was brought onsite to assist, and a cybersecurity analyst was contracted to provide forensic investigation and recovery. Additional resources were deployed from the Boulder Office of Emergency Management and the State Office of Information Technology.
Ransomware is a type of malicious software designed to block access to a computer system or files until a sum of money is paid. Preliminary investigation indicates that the ransomware entered the City’s network through a phishing scam or a brute-force attack, and that it appears to have been a random attack.
Financial data appears to be recoverable from unaffected backups. Personal credit card information was not compromised, as the City uses external PCI-certified payment gateways. There is no evidence to suggest personal data was compromised, but out of an abundance of caution, residents and employees are advised to be vigilant and to monitor their accounts for suspicious activity. The City will be sending a security breach notification to individuals who have personal information residing on the City’s network.
System servers and computers are currently being cleaned and rebuilt. Once that is complete, data will be restored to the system and operations will resume. No permanent damage to hardware has been identified. While core City operations continue, online payment systems have not resumed. At this time, the City is unable to estimate when all systems will be back up and running. A list of temporary phone numbers and emails can be found here:
The ransomware that invaded the City’s system was used by criminals to block access to the City’s computer data until a sum of money was paid. The City was coerced into paying a $45,000 ransom to retrieve a “key” to unlock encrypted data. Ransom payment was not the direction the City wanted to go, and the City pursued all avenues to find alternative solutions. In a cost/benefit scenario of rebuilding the City’s data versus paying the ransom, the ransom option far outweighed attempting to rebuild. The inconvenience of a lengthy service outage for residents was also taken into consideration.
While there is no way to eliminate the risk of these types of attacks, the City is taking steps to install crypto-safe backups, deploy additional cybersecurity systems, and implement regular vulnerability assessments to prevent future data threats.
City of Lafayette Mayor Jamie Harkins released a video discussing the cyberattack. Watch now here: