City of Pensacola Recovering From Ransomware AttackFBI: Incident Doesn't Appear Related to Last Week's Naval Air Base Shooting
Update: The strain of ransomware involved in the city of Pensacola attack has been identified as Maze, according to the Pensacola News Journal. Late on Wednesday, the city issued an update on the situation, saying that its technology resources staff was “continuing to make progress checking and restoring servers.” The city did not offer an estimated completion time. “We are looking into bringing in outside experts to assist with assessing potential data impacts,” the statement says.
See Also: Top 50 Security Threats
The city of Pensacola, Florida, on Tuesday was still recovering from a Saturday ransomware attack that occurred just one day after a shooting incident at Naval Air Station Pensacola. But the FBI reports that it has not identified a connection between the incidents.
In a statement issued Tuesday, the city says its IT staff was still working to address a “cyber incident” that occurred early Saturday morning.
”For security reasons, specific information about how the attack occurred will not be released,” the statement notes.
A city spokeswoman, however, confirmed to Information Security Media Group on Tuesday that the attack involved ransomware. But she said the city is not releasing details about the strain, whether a ransom was demanded and whether the city paid. Ransomware has been involved in numerous other cyberattacks against cities in Florida and elsewhere this year.
In a more detailed statement issued on Monday, the city says that as a result of the incident, its “technology resources staff” disconnected computers from the city’s network until the issue can be resolved.
”The City of Pensacola has remained operational throughout the incident, but some services have been impacted while the network is disconnected, including city email; some city landlines, 311 customer service, and online bill payments, including Pensacola Energy and City of Pensacola Sanitation Services,” the Monday statement notes.
”Emergency dispatch services and 911 were not impacted and continue to operate normally,” according to the statement. “Additionally, the city’s website and online permitting services remain operational.
The city's spokeswoman says the city does not yet have an estimate on when services will be fully restored, but its technology resources staff is working to restore all network servers. As of Tuesday, email servers were restored, but not all employees had regained access yet, she says.
”In light of the shooting Friday at Naval Air Station Pensacola, the City of Pensacola notified the FBI, Department of Homeland Security and Florida Department of Law Enforcement about the incident as a precaution,” the city said.
The FBI office in Jacksonville, Florida, on Monday confirmed in a tweet that the FBI was notified by the City of Pensacola about “a potential cyber-related incident,” adding that the FBI was providing resources to assist. That tweet was followed up a few hours later on Monday with a new tweet saying the FBI “has not identified a connection” between the cyberattack on the city of Pensacola and the naval air station shooting on Dec. 8.
The FBI has not identified a connection between the cyber incident reported by the City of Pensacola and the NAS Pensacola shooting. Our preliminary investigation continues. https://t.co/GOhMyRsOcA— FBI Jacksonville (@FBIJacksonville) December 10, 2019
The shooting at the Navy air base, allegedly by a Saudi air force trainee, resulted in the deaths of three U.S. sailors and injury of at least eight others, the Washington Post reports.
String of Attacks on Cities
The city of Pensacola, which has a population of about 53,000, is the latest in a series of U.S. cities, including several in Florida, to fall victim to cyberattacks. Those incidents have generally involved ransomware.
The largest city targeted, Baltimore, struggled for months to fully recover from a ransomware attack in May (see Baltimore Ransomware Carnage Compounded by Local Storage).