Pensacola Recovering from Cyber Battle

Dec 12, 2019

The cyber-siege involving the city of Pensacola continues, as does the work to eradicate it. City officials say slowly but surely, the comeback is underway.  

Officials became aware of the cyberattack early Saturday morning, with much of the city's computer systems remaining offline for most of this week. Hit the hardest were city phones, the 311 customer service line and online payment.

“Some of our services here in the city – online payments for Pensacola Energy and sanitation have been down; but as of (Thursday) morning they are now restored, so those are available again,” said Kaycee Lagarde, the city’s public information officer.

Not affected was access to public safety – 911, first responders, and Pensacola International Airport. Lagarde says the majority of services are back online, and the IT department is making progress.

“Working to get computers up and running, going department by department; that will take some time,” Lagarde said. “As of Monday it was affecting our ability to send and receive emails, but that was restored fairly quickly.”

Lagarde confirms that the ongoing cyberattack involves ransomware — software that encrypts valuable data and files and prevents access until a ransom is paid. But in regard to a possible ransom demand, for now mum’s the word.

“We really can’t release any additional details about the incident itself because this is an active criminal investigation,” said Lagarde. “We notified the FBI, FDLE, [and] Homeland Security. I believe the FBI is the lead agency on this.” 

There’s been a sharp increase in cyberattacks of late, especially against local governments. Cases in point: two Florida cities, Riviera Beach and Lake City. Each had to pay six-figure ransoms to hackers, who also have hit Ocala, Naples, Atlanta and Baltimore, among others.

“One challenge is that, as organizations and cities continue to expand their cyber defenses, the cyber-criminals are also increasing and advancing their attack scenarios,” said Eman El-Sheikh, director of the Center for Cybersecurity and professor of computer science at the University of West Florida. 

It’s very important, she says, for cities and municipalities to make sure that multiple procedures and defenses – known as “layered security” – are ready for at least the two most common forms of online attacks.

“Phishing attacks – where attackers send email that poses as a legitimate contact; they can install malware or viruses, or penetrate into other systems,” El-Sheikh said. “The other is ransomware. Criminals disable the organization from gaining access, and often demand a ransom.”

But El-Sheikh says there are ways to fight back. Step number one: update all protective software on a regular basis.

“Cyber-criminals will take advantage of known vulnerabilities; vendors and software and hardware providers are often quick to provide patches for vulnerabilities once they’re detected,” said El-Sheikh. “If you can keep your systems up to date, you limit the extent to which cyber-criminals can take advantage of such vulnerabilities.”

Another key – especially when fending off ransomware – is to back up all of your data, and have multiple backups for your most critical information.

“If you have performed a backup of that data, and that system, then you really don’t care; you can restore the backup and continue on with your operations,” said El-Sheikh. “In cases where there weren’t proper backups, then the organization can start paying the ransom or lose critical data.”

Another must-do, says El-Sheikh, is training everyone in an organization – from the board room to the mail room – in cyber-awareness.

“Anybody who has access to a system, a network or a facility, can pose a risk,” said El-Sheikh. “And what we’ve seen was a very large phishing attacks [in which] they started with somebody inadvertently clicking a link on an email that then gave the cyber-criminals access to the system.” 

While not going into detail, El-Sheikh says UWF’s Cybersecurity Center has reached out to the City of Pensacola. And if there is a silver lining in this dark cloud of cyber-hacking, it could be that it brings some real-life, close-to-home challenges for her students.

“It creates a very valuable learning experience and hopefully, we can work together to make sure that this incident is addressed and localized, and not let it happen again in the future.”

Meanwhile, the feds are doing double duty — investigating the cyber-attack along with last week’s shooting aboard NAS Pensacola by a Saudi flight student, who killed three sailors and wounded eight others. The gunman was killed by deputies. City spokeswoman Kaycee Lagarde says authorities are looking for a possible link between the two.

“That would be part of the FBI’s investigation; I do know that their preliminary statement, at least, was that they had not found a connection at this point,” said Lagarde. “I do understand that, of course, with the timing that’s something that was on everyone’s minds. They are continuing to investigate.”

Two of the eight wounded at NAS remain at Baptist Hospital.

Escambia County’s IT staff has emailed the county commission, directing them to obtain a decryption key from the Tor network, which allows for anonymous web surfing. FDLE says Allied Universal, a security company with an office in Pensacola, was also attacked. Calls to the firm for this story were not returned.