PLYMOUTH - Plymouthâ€™s computer servers are â€śpretty much back up and runningâ€ť after last Wednesdayâ€™s cyber attack, said Mayor David Merchant. He added that pressing criminal charges against the perpetrator is â€śnext to impossible.â€ť
Merchant said town staff learned of the ransomware attack, which encrypted many town files and demanded a ransom in the cybercurrency bitcoin to unencrypt them, last Wednesday afternoon. In response, the town shut down the police and municipal servers. However, police still had access to their radios and were taking 911 calls. Town IT staff and Jeff Ziplow, cyber security expert with Blum Shapiro, then went through server by server to discover and eliminate the ransomware without having to pay the ransom.
â€śLast Friday we started to bring some things back and get our servers under control,â€ť said Merchant. â€śWe concerned ourselves first and foremost with the systems for our police and ambulance corps and the fire department. Little by little, things were brought back and by the end of the day Friday the police department was back up.â€ť
Over the weekend, the IT experts began bringing municipal servers back online. As of Monday, almost everything was back up. Merchant said that the townâ€™s financial software, but not the data itself, had been targeted.
â€śLast week our finance department was away on professional training, so they werenâ€™t here to be affected anyway,â€ť he said.
Merchant said that there are still a few computers which the IT department is working to restore as of Wednesday. When the ransomware hit, the town also severed its connection to the Board of Education systems. This connection, he said, would be restored by the end of this week.
â€śI have to credit our IT department,â€ť said Merchant. â€śWe were as prepared as we could be. Out antivirus software was up to date, which really helped a lot. They also reacted very quickly in shutting the systems down. They did the right thing in not paying the ransom. We weathered the storm.â€ť
Merchant said that the townâ€™s IT department now plans to meet to discuss why the ransomware attack happened and different procedures to protect the town in the future.
â€śOne of the common problems is people using simple passwords,â€ť said Merchant. â€śThese attackers run programs with something like 100,000 simple or common passwords to try to get in and they only need one.â€ť
Merchant said that he was overall pleased with the outcome, though he was obviously not happy with the â€śdespicableâ€ť people who launched the attack. However, due to the ways in which the people who create ransomware programs protect themselves online, it is unlikely that the town will be able to press charges against them.
â€śFrom what I understand, it is next to impossible to find out where the attack came from,â€ť said Merchant. â€śThough, we are pretty sure that it came through either an email or a simple password being hacked. We have reported the attack to the state police department and to the attorney general. We have done all of the reporting required by law.â€ť
Merchant said that other Connecticut communities, such as Colchester, had also been targeted recently.
Brian M. Johnson can be reached at 860-973-1806 or firstname.lastname@example.org.