Plymouth servers return after cyber attack

Published on Wednesday, 13 March 2019 21:11


PLYMOUTH - Plymouth’s computer servers are “pretty much back up and running” after last Wednesday’s cyber attack, said Mayor David Merchant. He added that pressing criminal charges against the perpetrator is “next to impossible.”

Merchant said town staff learned of the ransomware attack, which encrypted many town files and demanded a ransom in the cybercurrency bitcoin to unencrypt them, last Wednesday afternoon. In response, the town shut down the police and municipal servers. However, police still had access to their radios and were taking 911 calls. Town IT staff and Jeff Ziplow, cyber security expert with Blum Shapiro, then went through server by server to discover and eliminate the ransomware without having to pay the ransom.

“Last Friday we started to bring some things back and get our servers under control,” said Merchant. “We concerned ourselves first and foremost with the systems for our police and ambulance corps and the fire department. Little by little, things were brought back and by the end of the day Friday the police department was back up.”

Over the weekend, the IT experts began bringing municipal servers back online. As of Monday, almost everything was back up. Merchant said that the town’s financial software, but not the data itself, had been targeted.

“Last week our finance department was away on professional training, so they weren’t here to be affected anyway,” he said.

Merchant said that there are still a few computers which the IT department is working to restore as of Wednesday. When the ransomware hit, the town also severed its connection to the Board of Education systems. This connection, he said, would be restored by the end of this week.

“I have to credit our IT department,” said Merchant. “We were as prepared as we could be. Out antivirus software was up to date, which really helped a lot. They also reacted very quickly in shutting the systems down. They did the right thing in not paying the ransom. We weathered the storm.”

Merchant said that the town’s IT department now plans to meet to discuss why the ransomware attack happened and different procedures to protect the town in the future.

“One of the common problems is people using simple passwords,” said Merchant. “These attackers run programs with something like 100,000 simple or common passwords to try to get in and they only need one.”

Merchant said that he was overall pleased with the outcome, though he was obviously not happy with the “despicable” people who launched the attack. However, due to the ways in which the people who create ransomware programs protect themselves online, it is unlikely that the town will be able to press charges against them.

“From what I understand, it is next to impossible to find out where the attack came from,” said Merchant. “Though, we are pretty sure that it came through either an email or a simple password being hacked. We have reported the attack to the state police department and to the attorney general. We have done all of the reporting required by law.”

Merchant said that other Connecticut communities, such as Colchester, had also been targeted recently.

Brian M. Johnson can be reached at 860-973-1806 or

Posted in The Bristol Press, Plymouth, Terryville on Wednesday, 13 March 2019 21:11. Updated: Wednesday, 13 March 2019 21:13.