PAWTUCKET, R.I. (WPRI) – In less than a year’s time, at least seven Rhode Island municipalities have fallen victim to a ransomware attack, according to Rhode Island State Police. One of those towns spent six figures to unlock its data.
It was June when Pawtucket’s fire department was targeted by ransomware, a type of malicious software that embeds itself into a computer — usually through a hyperlink in an email — and holds data hostage. Fire Chief William Sisson said they’re still feeling the effects.
Hackers demanded money from the city in exchange for close to four years worth of information, including fire reports and call logs that were stored on the compromised server, according to Sisson. The city didn’t comply with the demands.
“We had to rebuild all those files by hand … that’ll take quite some time,” he said in a recent interview. “We’ve been working on it continuously since that time.”
East Greenwich Town Manager Andrew Nota said a ransomware attack on his town’s computers in December “critically disrupted” their systems, though they did not pay the ransom.
Newport fell victim to a malware attack on their schools in July. Exeter was also targeted this past summer, according to their IT manager, James Angi.
“We coordinated with the appropriate authorities, including state police, who were able to determine how our security was breached,” Angi said. “We did not pay any ransom and were able to restore all our data from backups.”
State Police Lt. Eric Yelle, a member of the Rhode Island Joint Cyber Task Force, which is part of the State Police Computer Crimes Unit and responds to cybersecurity incidents, said municipalities often fall pray to ransomware.
“They’re popular targets because of limited resources,” he said.
Yelle said if a municipality has to make a decision between spending money on a crumbling school or cybersecurity, their choice is usually clear. But he said a lack of preparation for a cyberattack can be costly.
“It could take a government out of business,” he said. “A small town, it could shut them down for weeks or months while they recover.”
It’s something Coventry is all too familiar with. Their school department was the victim of ransomware in July. Officials opted to negotiate with hackers, ultimately paying about $200,000 through their insurance company to recover their files.
Superintendent Craig Levis said it was paralyzing. After spending months feeling the effects, things have normalized.
“We are in a much better position now,” he said. “We have taken measures to ensure that if we were hit by any virus or attack, we could isolate the attack and be back up and running in less than an hour with minimal impact.”
Yelle told Eyewitness News that even if they have insurance, municipalities should never pay hackers.
“You’re furthering their cause,” he said. “You’re giving them money to attack you again.”
Rhode Island isn’t the only state whose government servers have been impacted by ransomware.
Last year in New Bedford, Mass., hackers demanded $5.3 million in Bitcoin from city officials.
The city offered $400,000, which would have been covered by insurance, but the hacker behind the attack refused to settle and the city ultimately decided to not pay any ransom.
New Bedford Mayor Jon Mitchell said the city’s Management Information Systems team was able to restore the server and little to no data was lost.
The city has since enhanced their network security and implemented new security practices, according to Mitchell.
“It’s a national problem and I’m sure we’re going to see more of it,” said Yelle, who added that not backing up your computer server can make an attack harder to recover from. “If they don’t back up, they’re in for a long ride.”
Cybersecurity has also been a concern for Secretary of State Nellie Gorbea, who oversees the state’s elections.
With the 2020 election around the corner, Rhode Island has spent close to $600,000 in federal funds to overhaul the state’s central voter registration database as part of the Help America Vote Act.
The state has also allocated another $100,000 of that money to help cities and towns upgrade and secure their systems.
“Strengthening the cybersecurity of our local cities and towns is critical to making sure that all of our government systems work well. Whether it be the central voter registration system, our health department — because a bad actor can come in through any email address into a city or town and from there piggy back on to the state systems and really do a lot of damage,” said Gorbea.
Yelle said he’s confident in the current safeguards the state has in place for elections.
He and the Rhode Island Joint Cyber Task Force spend time training municipal and state workers to help them safeguard against attacks, aiming to prevent them, since stopping the bad actors behind them has proven fruitless.
Yelle said hackers use technology to mask their identities and locations, and are therefore mostly impossible to trace. Because of that, state police haven’t been able to make any arrests in the seven ransomware incidents that have happened since April.
Though some municipalities receive cybersecurity training through private companies, many cities and towns receive their training through the Rhode Island Joint Cyber Task Force.
In East Providence, city spokesperson Patricia Resende said in an email, “cyber security awareness and incident response plans have been implemented as part of the city’s ongoing security strategy.”
Eyewitness News has compiled a list of towns that provides their employees with cybersecurity training:
- Central Falls
- East Greenwich
- East Providence
- Little Compton
- New Shoreham
- North Kingstown
- North Providence
- South Kingstown
- West Greenwich
These towns have not yet trained their employees on cybersecurity:
These towns declined to comment about cybersecurity training or did not respond:
- North Smithfield
- West Warwick
Editors Note: This story has been modified from the original to update information provided by municipalities.