In light of a cyberattack nearly three weeks ago that continues to disrupt services, the city of Akron is spending $100,000 for protection against malware. And the expense of the attack and recovery is expected to grow exponentially.
The city believes the attack was launched at least in part by a phishing email, and the goal was to transfer city money into fraudulent credit cards. Chief of Staff James Hardy says none of the money left city coffers, but that’s about the only piece of good news.
“We caught it immediately, stopped it, and as I’ve been explaining to people, essentially on their way out they decided to set the house on fire with the virus,” Hardy said. “So that virus really created the havoc.”
That havoc continues to impact emails, the courts, utility and tax bills and scores of other ways the city does business, and full recovery could take another month.
An FBI investigation continues, and federal and state experts recommended the city spend $100,000 to install a secondary malware protection on all 1,200 of its computers. Hardy says the city’s also trying to track lost productivity and personnel costs, and is going to need a major upgrade of its computer system by the end of the year.
Any upgrade will likely include cloud backup, rather than relying solely on the city’s servers. Councilman Russ Neel says the city has little choice given the sophistication of hackers.
“I think it’s just the nature of the world we live in now. These folks that use technology for doing wrong understand that small municipal governments don’t have the infrastructure like an IBM, Microsoft, Google or an Amazon. So if they’re using servers,” Neel said, referring to city IT systems, “they attack them.”
Hardy says the recovery is taking so long in part because of the sophistication of the attack and in part because the city doesn’t want to reintroduce the virus if every computer isn’t clean.
Investigators believe the attack was to try to siphon money from the city, not to steal identities.