Date: 2020-04-16
The city of Paducah fell victim to a ransomware attack earlier this year, resulting in a roughly $30,000 insurance payout to a “threat actor,” a criminal investigation and efforts to bolster security for its information technology systems.
It took another step Tuesday for enhanced IT protection.
The city introduced an ordinance during Tuesday’s video conference meeting for a $45,000 professional services agreement with Kroll Associates to receive endpoint IT protection, including incident response, remediation services and threat detection services. The firm would provide endpoint protection for 300 city computers and devices ($150 cost per device), according to meeting documents.
If approved, Kroll Associates’ contract spans one year and automatically renews for one-year periods unless either party gives a written termination notice. The ordinance vote is expected for April 28.
“The hardest part about security is that for most people and us included, and most of the firms that you work with, whenever it’s 4:30 or 5:30 or 6 o’clock or whatever time it is, everybody goes home and you monitor it remotely,” said Stephen Chino, the city’s information technology director.
“And we do have the capabilities to monitor remotely ... but what this does is it also has an extra set of eyes, a professional service that’s watching 24/7, in addition to you, on (everything) that you have protected, and if you see something, they respond within seconds.”
The service helps close a gap in response speed, responding to threats more quickly with real-time monitoring and IT security protection. It’s like having “another staff” or security team, as Chino described, that helps watch the door when they’re eating dinner or doing other tasks.
“We think this is a very sound decision for the city and we’re excited about it,” City Manager Jim Arndt said.
He also said Kroll Associates was part of the city’s response to the initial ransomware attack.
The city became aware of the ransomware attack on Feb. 1, in which an unknown third party encrypted data files and later demanded ransom for restored access.
It was later decided to buy decryption keys from the threat actor after the city worked with its insurance provider and consultants. The city had a $5,000 deductible and some costs to replace older IT equipment, such as servers. However, city officials indicated no sensitive information was thought to be taken.
Arndt said the internal investigation is completed and the city’s insurance provider closed out the incident, but the criminal investigation is still underway.
“We actually went through our insurance company that helped us with response to that and part of that response was Kroll came to play, and they had endpoint protection and 24-hour, seven day a week monitoring for us and that puts us where we really need to be,” Arndt said. “That really steps up our game when it comes to digital security.”
While the city always had endpoint protection, Chino agreed the service takes protection to another level, and the city has never done 24-hour endpoint monitoring before. It also involves installing software on city machines that’s picked up by Kroll Associates’ software, as part of the IT protection.
“We’ve found out more than ever now that — like we said before — the bad guys only have to be good once and we have to be good every day, so we continue that mantra,” Chino said.
