Cause of cyber attack on city computer systems still undetermined as city, library issue joint statement

QUINCY — A Chicago attorney from a national law firm issued a statement Monday morning on behalf of the city of Quincy and the Quincy Public Library, saying the cause of the May 7 cyber attack on the city’s computer systems has not yet been determined.

City employees have not received or sent emails on their city accounts from city computers for 17 days. However, some employees have accessed their city email accounts from their personal cell phones.

An email titled “Joint Media Statement,” sent by Karen Bridges, an attorney for Wilson Elser Moskowitz Edelman and Dicker LLP, read:

“The city and the library have launched an investigation, with the assistance of third-party computer forensics specialists, to determine the nature and scope of the incident. We are working diligently to investigate the source of the incident, determine its impact on our systems and restore full functionality to our systems as quickly as possible. We have significant resources devoted to this process, and our work to resolve this issue is ongoing. 

“At this time, we have not determined the root cause of the incident or where the incident originated. Any statements to the contrary made by or to the media are inaccurate. Nor have we determined whether sensitive information specific to any particular person, business or other organization is potentially impacted. If this changes as our investigation develops, we will notify those individuals and/or entities directly. We appreciate everyone’s continued patience as we work to respond appropriately to this incident.”

Bridges’ email asks for anyone with questions to send an email to QuincyILInfo@gmail.com.

Quincy Mayor Mike Troup said at the May 9 City Council meeting that the attack apparently started at the Quincy Public Library before spreading through other departments. 

Troup said at the May 16 City Council meeting that he was “feeling better” about the problem being solved. He thought city employees would have access to their emails by the end of the day on May 17. He stressed that many departments, such as sanitation, sewer, the water treatment plant, Central Services and others, continued to do their work without access to email. Payments for utilities are being taken by cash or check, but payment by credit card is still unavailable.

Troup said last week the cyber attack didn’t prevent the city from meeting payroll, but not all vendors were paid.

Asked if he could confirm if the cyber attack was a ransomware, Troup replied, “We don’t. We’re still in a part of that evaluation.”

Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Typically, these alerts state that the user’s systems are locked or that the user’s files are encrypted. Users are told that unless a ransom is paid, access will not be restored.

SecurityWeek.com recently reported the Federal Bureau of Investigation’s Internet Crime Complaint Center received 649 complaints of ransomware attacked targeting critical infrastructure organizations in 2021. In late March, the FBI warned local government entities of ransomware attacks disrupting operational services, causing public safety risks and financial losses.

Often strapped with small IT departments, aging computer systems and limited budgets to allocate to cybersecurity, local governments across the country make for ill-equipped and easy targets for cybercriminals.

Wilson Elser describes itself on its website as the “preeminent defense litigation firm in the United States” with more than 900 attorneys.