CLEVELAND, Ohio – Cleveland officials aren’t saying much about a “cyber incident” that closed City Hall on Monday, leaving residents in the dark about what sensitive information may have been accessed, whether the city is being asked to pay a ransom, and who is to blame.
In the immediate aftermath of a cyber attack, lack of information is normal, according to two cybersecurity experts who spoke to cleveland.com on Monday morning. Government officials themselves still may not know all the details, and even if they do, that information is often not immediately shared with the public, the experts said.
In Cleveland’s case, city officials aren’t deviating from the norm, at least not yet. Other than City Hall and city offices at Erieview Tower remaining closed for a second day on Tuesday, few, if any, new details were shared during a Monday afternoon press conference with Mayor Justin Bibb.
City officials have said that utility customer information, and taxpayer information held by Cleveland’s Central Collection Agency, were not affected.
Other than that, Mayor Justin Bibb’s team had few other new details to share when cleveland.com on Monday sent in a list of questions about the incident, which was first announced publicly at around 9 p.m. on Sunday.
Asked what information was accessed, what type of “cyber incident” occurred, and whether city officials even understand the scope of what data might have been affected, spokeswoman Sarah Johnson shared the same answer multiple times: “The city continues to assess the nature and scope of the incident.”
Without knowing what kind of “incident” occurred, it is difficult to know what the impacts will be on Clevelanders, and city government operations.
But money is a common factor in the vast majority of cyber attacks nowadays, said Alex Hamerstone, director of advisory solutions for Fairlawn-based TrustedSec.
“It’s like if you walk outside and get wet. There’s a lot of things that could be (causing it). But it’s probably raining, right? It’s the same thing with ransomware. These are so common now, and the motivation for hacking is so money-based,” Hamerstone said.
If Cleveland is facing a ransomware attack, it would likely follow the path of other recent ransomware attacks on governments and businesses, like one that happened in Baltimore in 2019.
In the typical case, Hamerstone describes how ransomware works: The hacker will access a computer system, then encrypt it and shut it down, which prevents normal users from accessing the information it contains. Then, the hacker will contact the owner and ask for money. If the owner pays, the hacker will send them a key to unlock the encrypted data and regain normal access to the system.
Asked whether the city would consider paying such a ransom, Bibb on Monday declined to say.
Lisa Plaggemier, executive director at the National Cybersecurity Alliance, told cleveland.com that governments and businesses who pay ransoms are often back online and up-and-running more quickly than those who refuse to pay ransoms.
For entities that refuse to pay, Plaggemier described how the right infrastructure and back-up systems must be in place, to avoid long, drawn-out restart times.
“It might take them longer to recover, because they’re having to bring all their systems back online, maybe revert to their backups and (they have to go) system-by-system-by-system, making sure that it’s all clean and there’s no malware left,” Plaggemier said.
Bibb and other city officials on Monday declined to say whether all of Cleveland’s vital data is adequately backed up.
Asked what city officials are doing to address the “cyber incident,” Johnson said she couldn’t provide an answer because those steps are “confidential.”
It’s unclear when the situation might get resolved.
Johnson also said the “cyber incident” was discovered through normal operations of the city’s information technology systems. And she said that state and federal officials, along with cybersecurity experts, are currently providing Cleveland with guidance about how to handle the situation. City Hall’s top-ranking IT official is longtime Information Systems Services Commissioner Kim Roy-Wilson, who took over in March following the resignation of Chief Innovation and Technology Officer Roy Fernando
One of cleveland.com’s few questions that elicited a more substantial response from City Hall was whether any of Cleveland’s aging computer systems might have made the city more vulnerable to a cyber attack. Johnson said no.
“The City has made significant investments in recent years to enhance the security of its operations and utilizes best practices to maintain cybersecurity. Due to the ever-evolving and persistent practices of threat actors, it is, however, impossible to eliminate all risk of a cyber incident occurring,” Johnson said.
Alex Hamerstone of TrustedSec said the age of computer systems doesn’t necessarily increase vulnerability to cyber attacks. And reliance upon paper record-keeping – which is still used for some city functions – can provide protection from a cyber attack.
When City Hall announced the incident on Sunday night, it said it would take precautionary measures by shutting down its affected IT systems. Those shutdowns do not seem to have affected the city website, which appeared to be operating as normal on Monday. Johnson used her city email address to read and respond to cleveland.com’s questions on Monday, so email appears to be operating normally as well.
Some city services aren’t affected, including police, fire, EMS, animal control, the municipal court, recreation centers, trash pick-up, airports, and utilities, including Cleveland Water and Cleveland Public Power, Johnson said.
The city’s normal 311 operators weren’t initially working on Monday morning, but they have since resumed operations.
City Hall and Erieview Tower, which houses the Public Health Department, among other city services, remained closed on Monday, and will remain closed again on Tuesday. City workers who report to those locations are being told not to come into work. Those who can work remotely are doing so, Johnson said.
If you purchase a product or register for an account through a link on our site, we may receive compensation. By using this site, you consent to our User Agreement and agree that your clicks, interactions, and personal information may be collected, recorded, and/or stored by us and social media and other third-party partners in accordance with our Privacy Policy.
