Earlier this week, the IT department in Sammamish, Washington, was tested for their ransomware removal strategies as a tech extortionist targeted the city. The unknown attackers had caused all the computer screens at the City Hall of Sammamish to go dark as they were locking and encrypting files.
Ransomware Removal’s Immediate Response
The Interim City Manager of Sammamish had immediately declared emergency in the city in order to summon and hire the forensic specialists for the city’s computer networks. This is also when Sharon Given, the Communications Manager for the city, released a statement saying that the access to shared drives had been completely shut off.
Ransomware removal forensics began working on Wednesday. Throughout the duration of their work, the network servers remained closed. This means that all the workers in the city who needed access to the internet via their mobile devices and laptops were left stranded. Everyone in the city could be seen going back to the old-fashioned paper and pen technique for getting things done.
City Services That Were Affected
While the 911 emergencies like fire and police departments didn’t seem affected by the threat, pet licenses and passport services were suspended for the one day period. Many banks and their respective clients had suffered losses too because credit cards had to be canceled immediately.
The City’s Evaluation of the Threat
Law enforcement agencies and ransomware removal experts had joined forces in Sammamish to evaluate the situation and determine what the attackers’ demands. The Chief Technology Officer at the Seattle-based WatchGaurd Technologies, Corey Nachreiner, was of the opinion that even though attacks were happening over the world, this was quite targeted.
The ransomware attack, according to these experts, seems to know its way around the city’s systems and knew what it had to do to find whatever it was looking for. Typical attacks in ransomware normally begin with someone opening a piece of malicious mail or the likes. And once this happens, the ransomware is downloaded onto the network behind the scenes.
Well, the ransomware did get into the city’s systems in the very same manner a typical ransomware would, but the attackers weren’t after money. They were on the lookout for information, which is yet unknown. This information was then meant to be kept hostage for further extortion from the city.
The city has yet to find out what vital information has been compromised. From the looks of it, all they can do is wait and see what next move the unknown cybercriminals make.
