Cleveland officials blame ransomware attack for ‘cyber incident’

CLEVELAND – The city of Cleveland has confirmed that the “cyber incident” that disrupted its IT operations this week was the result of a ransomware attack, a development first reported by 3News Investigates on Thursday.

A statement released Friday said the city was “still investigating the nature of the attack as we work to restore our systems. We cannot disclose any further information at this time. While the threat has been identified and contained, this remains a sensitive and ongoing matter.”

Cleveland City Hall will remain closed to the public on Monday, although city officials say “vital services, including garbage collection, recreation centers, airport operations, Cleveland Public Power, water supply and water conservation, are operating normally and working to ensure the continued well-being and safety of our residents.”

SUBSCRIBE TO: Get the most important headlines of the day straight to your inbox every weekday morning with the free 3News to GO! newsletter.

3News Investigates also received the following email from City Hall to Cleveland City Staff:

“After a thorough investigation by our IT Department led by Commissioner Kim Roy Wilson and outside cybersecurity experts including the FBI and the Ohio National Guard Cyber ​​Reserve Unit, we can confirm that the cyber incident that disrupted the City of Cleveland’s IT systems was a ransomware attack. The nature of the attack remains under investigation as we work to recover and restore our systems. We cannot disclose anything further at this time as this is a sensitive investigation.”

3News Investigates has seen screenshots of computers in the city that appear to have been infected with malware. There are indications that this malware is linked to a known cyber gang that has been accused of carrying out ransomware attacks elsewhere in the country.

WKYC is not naming the cyber gang, but according to the FBI, the group has previously used ransomware to encrypt and lock victims’ files before demanding a ransom in exchange for the decryption key. The cyber gang has been blamed for several attacks on U.S. companies and government agencies.

According to Erman Ayday, a professor at Case Western Reserve University and cybersecurity expert, extorting a ransom is often not the main motive for hackers. The information stolen through data leaks is much more valuable to criminals.

“In such a data theft, if the data is sensitive enough and used strategically, the criminals can make much more money than if they just extort the ransom,” Ayday said.

Ayday also pointed to a more sinister motive of hackers targeting local governments: The sensitive data “could be sold to foreign governments.”

“Because it’s a government agency, there’s information about where emergency responders live, information about law enforcement and judges,” he added. “It’s more paranoid in nature, but it happens.”

According to the City of Cleveland, “attacks of this type have increased by over 50 percent in the last six months. This is a harsh reality and shows that no organization is immune to the costs and consequences of their activities in the digital world.”

Want to be one of the first to know the most important local and national news? The latest sports updates? We’ve got you covered! You can download the free WKYC app and have the latest updates delivered to your phone: Android, Apple.