Kentucky city spends thousands on ‘IT incident’ — still will not confirm or deny it was held ransom

Published 5:31 am Tuesday, May 18, 2021

Nearly two months after its servers were hacked by an outside entity, the city of Frankfort has paid out around $56,000 in costs related to the incident.

These costs include a commission-approved expense of nearly $36,000 for the purchase of 60 new computers for “updated malware and operating system upgrades,” an endpoint detection and response program to ward cybersecurity threats for nearly $15,000 and a $5,000 insurance deductible to the Kentucky League of Cities, according to a State Journal open records request.

The city still has neither confirmed nor denied whether it was being held ransom due to the breach of its servers.

Two separate sources with knowledge of the situation — including one city employee — in March told The State Journal that the city was being held ransom. Both spoke on condition of anonymity.

Frankfort City Manager Tom Russell, Mayor Layne Wilkerson and IT Director Bobby Ripy all did not respond to a request for comment as of Monday evening.

Ransomware, a software that encrypts key files, allowing the hacker to demand ransom in exchange for their decryption, is a growing threat to organizations across the world. Earlier this month, a group used similar software to temporarily halt one of the largest fuel pipelines in the Southeast; the company ended up paying $5 million in ransom.

During the open records process, Ripy sent a note to City Clerk Chermie Maxwell stating that $18,000 of the cost from the purchase of 60 new computers was deducted from the IT department’s 2021-22 budget.

The city has previously indicated it was engaged with federal law enforcement and its insurance provider in regards to the situation.