Troup confirms cyber attack on city was ransomware

QUINCY (WGEM) - Quincy Mayor Mike Troup now says the cyber attack that has hobbled the city’s technological infrastructure was indeed a ransonware attack. He said the investigation into the attack discovered last week a request for a ransom to provide an encryption key to unlock hijacked data.

The mayor made the admission Tuesday morning during a news conference at City Hall. This comes after Troup told WGEM News on Friday the attack was not a ransomware event. A statement Monday morning from a Chicago attorney on behalf of the city and Quincy Public Library also said the root cause of the incident had not yet been determined.

Troup on Tuesday said it does not appear any personal information about city employees, residents or customers was stolen.

“It does not appear that any information was taken from our system that would harm any individuals,” Troup said.

Troup said the amount for that ransom was under a half-million dollars and that the city has committed about $650,000 toward mitigating the attack so far. That includes about $145,000 in consulting contracts approved Monday night by the City Council. Most of that would be reimbursable though insurance carriers, the mayor said. He said he was “not at liberty” to disclose the specific amount to pay for the encryption key.

While the city does not know the entry point for the attack, it does believe the attack began on Saturday, May 7.

It initially affected the Quincy police and fire departments. The following Monday, city workers discovered after coming in to work that email and phone systems had also been affected.

“But I think there’s only a handful of city employees that are not able to use their emails now,” Troup said, though he said he is one of those people who does not yet have email access.

The mayor also said the attack is not believed to have originated locally.

“It’s clearly not a local player,” Troup said. “And we don’t think that it’s anyone from Illinois. We don’t think it’s anybody domestically. We don’t know who it is. But (investigators) through the investigation so far, we believe or they believe they’ve ruled out that it’s any domestic player.”

He said the city is following state and federal guidelines to address the situation.

“We do have a pending open file with the FBI,” Troup said. “So they’re the agency that takes a look at how and what we’re doing with any cyber attack. And so they’re involved, and our outside consultants are working with the FBI on our behalf, as well.”

Troup said it could be another month before the city knows the full extent of the attack.

“It’s going to be closer to a month to know everything that happened, and to verify that the information was not negatively impacted,” he said. “I think after that we then take a look at what we can do to make the improvements. So sometime about a month, we should start getting that last part of the questions: What do we need to do to strengthen the system, put up higher walls or other blocking mechanisms to avoid anything like this from reoccurring?”

Copyright 2022 WGEM. All rights reserved.