The city of Albany, New York, was hit by a ransomware attack on Saturday, March 30, Steve Hughes at the Albany Times Union reports. City officials worked through the weekend in response to the attack, and most city functions were available by Monday afternoon.
The city clerk’s office is still affected, so birth, death and marriage certificates will have to be obtained from New York’s Office of Vital Records. Residents are also advised to apply for marriage licenses in one of the neighboring cities.
The city’s payroll services are down, and employees are tracking their hours on paper. Gregory McGee, Vice President of the Albany Police Officers Union added that the attack appeared to be affecting computers in patrol cars, although Albany’s mayor, Kathy Sheehan, said the malware had no impact on police functions.
Sheehan said at a press conference on Monday that no personal information belonging to residents or employees is at risk. The full extent of the attack remains unknown, however, and city employees will be provided with credit monitoring services just in case.
Sheehan didn’t share any details about the ransomware itself or how the attack happened. She also didn’t disclose whether or not the city paid the ransom. “This is the new normal,” Sheehan said, “and we know that these types of incidents happen across the country — probably more than anyone realizes.”
Attackers are increasingly targeting smaller cities and counties because they know that these targets often lack the funds to recover from ransomware attacks without paying for the decryption key. Albany is a mid-sized city, large enough to be a lucrative target, but not so large that one can assume it would be well-defended.
New-school security awareness training can help your organization defend against these attacks by teaching your employees how to identify and avoid malicious behavior.
Times Union has the story: //www.timesunion.com/news/article/Sheehan-No-personal-data-taken-in-cyber-attack-13732245.php