Hackers broke into city servers, demanded money in exchange for data

QUINCY — The city is working to restore access to some of its servers after Quincy’s online network was hacked in a targeted cyberattack last Thursday.

Chris Walker, chief of staff for Mayor Thomas Koch, said the Quincy Police Department’s server and network “showed signs of disruption” Thursday morning, which alerted the city’s IT department to something that wasn’t happening. was wrong. The employees of this department then found text files on the servers asking for money in exchange for the return of data.

This weekend: Quincy supports former high school basketball player battling cancer

The city did not respond to the hacker and instead contacted cybersecurity contractors to track down the source of the attack, identify the corrupted data, and scan every computer connected to the city’s network for any signs that the hackers still had access. Walker said they don’t yet know who is responsible.

Of the 60 servers the city maintains, he said 32 were deemed safe and back up and running Monday. He said the city is prioritizing servers belonging to “critical” departments such as the school system and fire and police departments, as well as the city’s financial software. Some systems, including the city’s shared file drive, were still down Monday night.

The hack also affected the emails of some Quincy School employees and Aspen, the online app the district uses to communicate with parents.

“Quincy Public Schools, as well as departments across the city, are currently having issues accessing our email and Aspen apps,” the district told parents Thursday.February 3. “We are working with the City of Quincy’s IT department to resolve this issue as soon as possible.”

Update: The feds are liquidating the pension fund of Quincy crook Scott Wolas

Real Estate South Shore: Our latest list contains 20 of the most expensive homes recently sold on the South Shore

The city’s servers store employee information, but Walker said it’s stored in encrypted software that doesn’t appear to have been hacked. Information about students enrolled in the school system is kept on a separate server, which Walker said hackers do not have access to.

The city does not keep residents’ financial information. All online payments are made through third party providers.

Walker said officials don’t know if the hackers actually obtained any data when they broke in, but “investigators have yet to see evidence of anyone buying data from us on the dark web.”

“We are cautiously optimistic that due to the quick response from our IT team, this is an inconvenience more than anything else,” he said. “But obviously these are the times we live in, and we’re absolutely going to be looking at our network security to see what improvements can be made.”

The city entered into a $100,000 emergency work order with its security contractor to deal with the attack.

Quincy victim of a phishing scam

Emails from municipal employees were also hacked in 2018 and strange messages were sent from @quincyma.gov addresses.

Walker said at the time that the city’s emails were hacked and used for an online phishing scam. He said the city had been hit by the Emotet or TrickBot virus, both of which were spread by sending emails containing infected attachments.

“Basically all municipal services have been affected,” he said.

‘True Hall of Famer’: Cerebral palsy never slowed N. Quincy’s Mike Leith on the court

Sushi, spring rolls, sea bass: Asian flavors spice up Nomai, Hingham’s new restaurant

Email phishing is a cyberattack method that is occurring more frequently. In a phishing scheme, hackers send emails that appear to come from legitimate sources and include a link or attachment that typically requests information such as credit card numbers, account numbers, passwords and usernames.

In the 2018 case, the attachments looked like invoices, Walker said.

After the 2018 hack, Walker said the city brought in security contractor Sophos to beef up security.

“They are an industry leader and protect all of our systems,” he said. “We were able to solve a number of problems thanks to them.”

Thursday’s attack appeared to be more sophisticated than those of the email phishing scams.

“In this case, the hackers penetrated directly into the network,” Walker said Monday.

New Bedford officials said they were also recently hit by a ransomware attack. On Jan. 27, some New Bedford Police Department workstations were hit by a ransomware program, officials said.

City spokesman Mike Lawrence said New Bedford had not engaged in any communication with the threat and therefore could not determine the attacker’s motive, but acknowledged that the primary motive for such attacks was usually the ‘silver.

Thank you to our subscribers, who help make this coverage possible. If you are not a subscriber, please consider supporting quality local journalism with a Patriot Ledger subscription. Here is our latest offer.

Standard-Times digital producer Linda Roy contributed to this report. Contact Mary Whitfill at [email protected]

This article originally appeared on The Patriot Ledger: Quincy works to restore access to city servers after cyberattack