Details Still Few In City Of Albany’s Ransomware Attack

Apr 5, 2019

The city of Albany is recovering from what the mayor called a "ransomware attack."

Mayor Kathy Sheehan employed social media March 30th to announce an attack took place early that morning and sent officials scrambling to get affected services back up and running.

During a follow-up news conference two days later, Sheehan stressed no one's personal information had been taken in the attack. A scheduled "City Hall on the road event" had to be canceled.

Brian Nussbaum is assistant professor at the College of Emergency Preparedness Homeland Security and Cybersecurity at the University at Albany.   "Ransomware is a very tough problem, because by the time you're infected there's very little you can do about it, so you really are facing the question of paying the ransom or not paying the ransom."

Albany got a lucky break of sorts. The way the city's computer system was built up piece by piece over the years apparently kept the worst ransomware could do at bay.  City Treasurer Darius Shahinfar: "The city has not paid anything, that I'm aware of, for the ransomware."

The Albany Police Officers Union posted on Facebook that its officers could not access any service or program dependent on an internet connection, and computers aboard patrol cars were affected.

Officials emphasized that at no time was the city's ability to dispatch police or fire to emergencies affected.

"I'd leave the comments really for the administration to make but we are, my office is functioning, very little loss of even employee time, in my office," said Shahinfar.

The mayor confirmed that city payroll was among services caught up in the breach. "We have informed our employees that they will get paid. We're gonna do everything in our power to ensure that we pay our employees. At this point in time thay are tracking their time on paper time sheets as we go through the various systems that were impacted."

11th ward Common Councilor Alfredo Balarin says the panel discussed the issue.   "It's something that unfortunately happens when we start improving our technology. It's such a recent change that we've been increasing our technology that we still know how to use the old paper system. We'll be able to get through this and I think we'll be stronger and better to make sure it doesn't happen again."

The mayor insisted the attack did not compromise personal information about city workers or residents who may have conducted credit card business with the city, as that type of financial information is never saved. "We have notified our employees that out of an abundance of caution we are going to provide them, if they want it, with credit monitoring services."

Nussbaum, from UAlbany, says cybercrime is an incredibly tough nut for authorities to crack.   "One of the things that cybercriminals exploit, in addition to the anonymity of the internet is the fact that coordinating law enforcement efforts across jurisdictions is very, very hard.  So, being in another country is often enough to sort of make these logistical challenges on the law enforcement side such that it is hard to either arrest and or get the person back to stand trial in the jurisdiction where their crime was committed."

Meanwhile, the city has not revealed the type of ransomware it was infected with, if it knows who was behind the attack, or where it originated from.