Sarasota, Florida, City Manager Tom Barwin reflects on lessons from a ransomware attack.
1 November 2016
A ransomware attack on city computers in Sarasota, Florida, and perspectives from City Manager Tom Barwin appeared as examples in a lengthy article about cyberattacks on government computers.* We spoke with Barwin, a 35-year ICMA member, to learn more.
Early in 2016, Sarasota experienced a ransomware attack when a city staff member inadvertently opened an e-mail with a malicious attachment. The attack corrupted the staff intranet—the internally hosted file-sharing and storage network—and the e-mail demanded a ransom of half a bitcoin per file. Since an estimated 160,000 files were affected, that amounted to about $33 million at that time (it would have been more today, when a bitcoin is valued at about $650).
The attack occurred despite staff training and education about the dangers of spam, malware, and cybercrime, and cautions about phony e-mails and scams. The information technology (IT) and city management staff quickly analyzed the situation to determine the best course of action. According to Barwin, IT was “on top of things,” identified the problem right away, had backup systems in place, and was able to take the servers down and restore the system within a single workday. They made the decision to shut down the intranet long enough to restore the data—and not to pay the ransom.
Sarasota was fortunate that the attack did not affect sensitive information about employees or residents, and the impact on the public was minimal or nonexistent. So there was no decision to communicate about it publicly.
Sarasota, Florida, City Manager Tom Barwin
Other cities and counties have not been so lucky, and some have (reluctantly) met criminals’ demands to regain access to records, retrieve data that has not been properly backed up, or restore the functionality of critical systems that have been “held hostage.”
Asked to reflect on the attack and its aftermath, Barwin said his biggest takeaways were these:
The FBI issued a public service announcement in September 2016 urging ransomware victims to report incidents to federal law enforcement. It says, in part, “Victims may not report to law enforcement for a number of reasons, including concerns over not knowing where and to whom to report; not feeling their loss warrants law enforcement attention; concerns over privacy, business reputation, or regulatory data breach reporting requirements; or embarrassment.”
The announcement reinforces the seriousness of the ransomware threat, provides a description of the information it needs in a report, lists recommended precautions that can reduce the risk of a ransomware attack, and provides a link to locations of FBI field offices throughout the United States.
* Criminals Increasingly Hold Government Computers for Ransom,” by Jenni Bergal, originally in Stateline, an initiative of The Pew Charitable Trusts.
to rate this
Sign in to comment
City of Sarasota, FL
Technology can help train employees and foster organizational development, but virtual experiences like webinars and online networks cannot replace the...
From “BIG Ideas” Conference Discussion to Continuing the Conversation in the "BIG Hour" in Your Own Community – 7.17.17 is...
Community broadband service: Citizens and businesses demand it, community leaders support it, and it’s your job to make it happen....
Follow us @ICMA
411 N. Central Ave. Suite 400Phoenix, AZ 85004P: 888.496.0944F: 813.704.4393
Copyright @ 2014, Alliance for Innovation