Ilion officials have endorsed new security steps and trained staff last year specifically on looking out for suspicious emails. They have been working with the auditors who identified various security gaps. They haven’t had another attack since, Leonard said.
According to state auditors who investigated last summer, the first email attachment converted all data stored in the system into an unreadable encrypted format. A $300 ransom payment in January 2014 was made as directed, electronically transmitting the number of a prepaid credit card to a designated portal. Ilion’s technology consultant entered the card number to get the decryption keys.
The second email, which also appeared to be for village business, led to more encryption and a $500 ransom payment in May 2014.
“These incidents should be a wake-up call to local government officials around the state,” comptroller Thomas DiNapoli said. “While the dollar amounts were small and no vital information was disclosed, this attack shows how the lack of basic IT safeguards can potentially cost taxpayers and cripple the day-to-day operations of municipalities or school districts.”
The auditors cited user accounts for ex-employees that hadn’t been closed, generic accounts used by more than one individual, lack of a recovery plan for security incidents with backup data, and staying current about ongoing threats.
Village police were contacted, but the hackers weren’t identified, Leonard said.