City details efforts to fully recover from cyber attack at AC water plant

SHARE NOW

Comprehensive recovery efforts have Ark City’s water treatment plant operating normally following a ransomware attack that occurred this fall, the city said through a written announcement released Wednesday.

A review ultimately determined that “no sensitive data was accessed or exfiltrated during the attack. However, the event underscored the need to strengthen cybersecurity measures,” according to the city of Ark City’s statement. The attack did temporarily disrupt operations at the Water Treatment Facility.

“This was a significant challenge for our staff, but I’m incredibly proud of their immediate response and the support from our state and federal partners,” City Manager Randy Frazer, said. “Thanks to their dedication and professionalism, we successfully maintained water services and protected critical data. Moving forward, we’re committed to building a stronger, more secure system that safeguards our city’s critical infrastructure and ensures the long-term safety and reliability of essential services for our community.”

Immediate contact with the FBI and Homeland Security’s Cybersecurity and Infrastructure Security Agency helped to stabilize and initiate a thorough forensic investigation. The attack targeted the water plant’s primary server and occurred on Sept. 22.

Backup systems and manual controls allowed water treatment services to be maintained without interruption of service to local residents. The attack required temporary adjustments at the Water Treatment Facility, including round-the-clock staffing, assistance from retired and external operators, and overtime for existing staff.

https://rcbbank.bank/security-center/

The city estimates the incident cost $105,201 for server replacements, software, licenses and technical support. Another $58,550 was spent for forensic analysis, legal guidance, and communications with threat actors, the city said. Insurance is expected to cover most costs that were incurred, minus a $10,000 deductible.

Attackers used a variant known as Hazard Ransomware from the MedusaLocker family.

The city enlisted the help of Cleveland, Ohio-based BakerHostetler as legal counsel and partnered with globally recognized cybersecurity firm S-RM. Both are said to have played critical roles in analyzing the attack and strengthening the city’s defenses.

https://www.arkcityford.com/
https://teamhopper.weigand.com/#section1