Johnson City will have to replace 300 desktop computers after last week’s ransomware attack, costing the city $215,100.
“The city budgets approximately $165,000 each year for the purchase of new computers,” Lisa Sagona, the city’s information technology director, said in a news release issued by the city on Wednesday afternoon. “This purchase simply expedites the existing process for computer replacement.”
The city said it is currently reimaging or replacing all of the organization’s desktop computers following a ransomware attack on city government, which occurred in the early morning hours of Oct. 21.
The city said the new computers are scheduled to arrive in multiple shipments and will be distributed to staff within the next several weeks. The city will also have to reimage 170 computers.
The city provided employees involved in “mission-critical operations” with reimaged computers last week. Other employees have been using the city’s 118 unaffected laptops or sharing computers.
A message from the hackers appeared on city desktops on Oct. 21 notifying employees that files had been encrypted. The message asked staff to contact the hackers by email to have the files unlocked. The city has said staff did not engage the hackers.
Sagona told local media earlier this month that she happened to be in the office at around 5 a.m. the morning of the attack, which the date and time of the encryption indicates began at 12:08 a.m. City staff were able secure the city’s network within a short time after that.
To control any damage resulting from the attack, Sagona the city cut off internet access, turned off computers, shut down its email system and disabled outside accounts.
The attack occurred just three weeks after the city rolled out a hyperconverged storage area network, a tool that the city said enabled it to restore files in less than a day. That upgrade cost the city about $650,000, which Sagona said included five years of maintenance and support that accounts for $185,000 of that figure. Sagona said the only information lost were files saved to individual desktops and some files on hard drives.
Sagona said the city’s financial system and credit card information were not compromised during the attack, and although it did have to complete tasks by paper in some cases, she said city services remained operational.
While the city’s system was down, Sagona said police officers had to issue paper tickets, and staff wasn’t able to handle credit card payments at City Hall for water and tax bills because that system is connected to the internet. In those cases, Sagona said the city directed customers to an online payment system.
The city said in the release that it has placed a priority on additional technology security and noted that the implementation of the storage area network is one of many security enhancements it has completed in recent months.
“In addition to moving forward with the scheduled improvements currently in progress, the IT Department will work with a partner agency to determine if other security measures should be added and provide additional training to city employees,” the city said in the release.