Is Kentucky city being held ransom? City’s IT networks, servers disabled in computer hacking incident

Published 6:58 am Wednesday, March 24, 2021

The City of Frankfort says it learned of a hack to its servers on Sunday.

Two separate sources with knowledge of the situation — including one city employee — told The State Journal that the city is being held ransom. Both spoke on condition of anonymity.

After an inquiry from the newspaper, the city sent out a news release Tuesday evening saying that it had suffered an “intrusion into the IT network that disrupted access to some computer servers” and that several “internal systems are temporarily unavailable.”

The release did not mention a potential ransom, and Frankfort Mayor Layne Wilkerson did not comment on whether the city was being held ransom.

The release said that an “unknown third party” is responsible for the hack. The city is addressing the issue with “the highest priority,” adding that it is working with independent experts, federal law enforcement and its insurance provider to resolve the situation, per the release.

“Upon discovery, city staff initiated a comprehensive response in accordance with the existing IT incident response plan, including immediately taking some system components offline and engaging independent IT security and computer forensic specialists to help remediate and investigate the incident,” the release read. “The city is coordinating with federal law enforcement and is also receiving assistance from its insurance provider.”

Wilkerson said the city is “being careful with the details and specifics we are providing at this time,” and did not comment on whether any personal information had been collected in the hack.

A city employee said that they were concerned about the hacker having access to information that could compromise city employees’ financial safety.

“It bothers me because everyone’s personal information is on there,” the employee said. “If you can hack a whole city system like that, then you can get into my little bank account and do whatever you want.”

The city’s release said that it “had no evidence that any information has been misused as a result of this incident,” but is conducting a “detailed forensic investigation” of the matter.

It also pointed out that the city website and email had not been affected, and that the city did not anticipate “significant disruption” to citizen services. The release said that public safety systems — including police, fire, 911 dispatch and EMS services — have not been affected.

A potentially similar incident took place in the City of Paducah just over a year ago when Paducah paid out $30,000 in ransom money to gain access to data that a hacker had blocked. That hack was coordinated using ransomware, per the Paducah Sun.

The U.S. Cybersecurity and Infrastructure Security Agency defines ransomware as a software that encrypts key files, allowing the hacker to demand ransom in exchange for their decryption. Ransomware is a growing threat to organizations across the world. Currently, the multinational hardware company Acer is facing a $50 million ransomware demand — that’s believed to be highest such ransom ever requested.

Wilkerson said that any updates on the situation at hand would be posted to the city’s website.

“We are coordinating with law enforcement and skilled outside experts to resolve this expeditiously and responsibly, and we are committed to keeping citizens updated on our progress,” Wilkerson said. “However, I hope you can understand that, because of the sensitive nature of our investigation and our commitment to protect the city’s information, we are being careful with the details and specifics we are providing at this time. Please refer to the city’s website for the most accurate and up-to-date information on this incident.”