Gary, Ind., is working to strengthen its cyber threat detection and response after suffering its first ransomware attack in April 2021.
Gary Chief Innovation Officer Lloyd Keith told Government Technology that the attack galvanized officials into taking greater action to meet cybersecurity goals, and that the city is now signing a long-term contract with IT security provider UncommonX (formerly 5thColumn).
“Budgets are the problem. This hack brought to fruition the idea that now you’ve got to spend money on cybersecurity,” Keith said. “Even though it’s been on my strategic plan for the past couple of years, the hack says, ‘here’s the money.’”
UncommonX offers 24/7 monitoring, among other services, and Keith said tapping the vendor is expected to be more cost-effective for the city than developing its own cybersecurity department would be. In-house staffing and equipment costs might strain municipal budgets, and the city would have to obtain the cybersecurity know-how to identify the right tools and strategies.
INSIDE THE APRIL ATTACK
Gary’s new approach comes after city servers fell to a Conti ransomware strain in April 2021. Malicious actors conducting the April attack were able to use the remote desktop access program AnyDesk to penetrate city networks and get control of some administrative capabilities, Keith said. The incident compromised several servers and systems that underpinned essential city services, Gary Mayor Jerome Prince said in a Nov. 10 press release.
The extortionists unsuccessfully demanded an $880,000 ransom, with city officials leery of paying in part due to reluctance to trust criminals to keep their word, according to Keith.
After a network administrator discovered the attack, Keith’s team notified the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC) and Homeland Security and began working to try to stop the malware from spreading to any networks that were still unscathed. That included shutting down any instances of the AnyDesk program they discovered.
GETTING BACK UP
The next major step would be to restore the city systems from backups — assuming these files had stayed safe from the ransomware, that is. Gary relies on backup solutions provider Unitrends and found that its on-network backups were corrupted, though its offline ones were viable.
But the city couldn’t start using those offline files to restore systems until it was certain the ransomware was purged from the networks.
UncommonX was able to map the city’s digital ecosystem and contain the malware within 72 hours, the firm states in the Nov. 10 press release. The vendor assisted with identifying and responding to threats, patching vulnerabilities and restoring systems.
Gary rebuilt systems and ultimately got back up and running within two weeks. But Keith underscored that any downtime interrupts residents’ access to services.
“That time for rebuild affects folks,” he said.
That puts a focus on strategies for better heading off threats before they gain purchase.
Gary highlights cybersecurity as a key area of its 2020-2023 IT strategic plan, with the report noting that the municipality faces challenges such as a need to modernize legacy systems, keep up with new technology rollouts and get more resources and expertise.
The city already requires staff with network access rights to undergo cybersecurity training four times a year, with this effort conducted by security awareness training provider KnowBe4, Keith said. Now it looks to UncommonX to supplement these prevention efforts with behind-the-scenes detection and response, cutting down on the number of phishing attempts and malware scams that reach end users.
“Part of what UncommonX brings to the table is the notification and the eradication of a lot of those attacks right at the beginning, so a lot of that doesn’t even get to the end user — and that’s a big, big plus,” Keith said.
Patrick Hayes, chief security officer for UncommonX, also told GovTech that the vendor aims to help government leadership get a handle on the price tag of cybersecurity measures by explaining threats and tying goals to budget asks.
“We also look to help with translating the needs into budgeting and investment for those cities so that they understand really what they’re up against, and how do they leverage their limited resources with companies like us to support them,” Hayes said.