The Richmond Heights, Missouri City Council was the victim of a ransomware attack earlier last month. According to cybersecurity specialists, the police chief mentioned at a meeting that the infection started on one of the City Council’s computers, reaching the city’s servers. However, the website and the city’s email server continued to function normally.
Mayor David Roche’s office mentioned that Richmond Heights systems were infected because someone opened a phishing email. Subsequently, the ransomware encrypted the files and locked the screen of the infected computer to show only the ransom note, where hackers demanded a payment in Bitcoin; the exact amount that hackers demanded is unknown.
During a public appearance, the mayor mentioned: “The attackers entered the computer and blocked access to all our files, then the perpetrators demanded that we pay a lot of Bitcoin to retrieve our information; it’s a kind of extortion.”
After detecting the infection, the local government contacted the state police and the FBI; finally, cybersecurity specialists managed to restore all the compromised information a few days after the attack, so now all city’s systems are running at full capacity. “So far it seems that the city council’s IT systems are working well, we will still keep monitoring the situation to prevent any further attempted attacks,” the mayor said at a City Council meeting.
The police chief added that the possibility of information being extracted before it was encrypted is not yet ruled out, so the FBI will continue to perform scans to detect any potential data breaches.
Richmond Heights’ police and federal authorities will investigate the incident to jointly determine the source of the cyberattack. City authorities also instructed their cybersecurity experts to maintain network monitoring activities as a protective measure against potential new attacks.
Experts from the International Institute of Cyber Security (IICS) have reported multiple similar incidents recently; from ransomware infections in various Florida cities, to the cybersecurity emergency declaration in Louisiana, such attacks against U.S. government organizations are still happening, although a link between the these various cases is not yet established.