Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management

City of Pensacola Recovering From Ransomware Attack

FBI: Incident Doesn't Appear Related to Last Week's Naval Air Base Shooting
City of Pensacola Recovering From Ransomware Attack

Update: The strain of ransomware involved in the city of Pensacola attack has been identified as Maze, according to the Pensacola News Journal. Late on Wednesday, the city issued an update on the situation, saying that its technology resources staff was “continuing to make progress checking and restoring servers.” The city did not offer an estimated completion time. “We are looking into bringing in outside experts to assist with assessing potential data impacts,” the statement says.

See Also: OnDemand | Defining a Detection & Response Strategy

The city of Pensacola, Florida, on Tuesday was still recovering from a Saturday ransomware attack that occurred just one day after a shooting incident at Naval Air Station Pensacola. But the FBI reports that it has not identified a connection between the incidents.

In a statement issued Tuesday, the city says its IT staff was still working to address a “cyber incident” that occurred early Saturday morning.

”For security reasons, specific information about how the attack occurred will not be released,” the statement notes.

A city spokeswoman, however, confirmed to Information Security Media Group on Tuesday that the attack involved ransomware. But she said the city is not releasing details about the strain, whether a ransom was demanded and whether the city paid. Ransomware has been involved in numerous other cyberattacks against cities in Florida and elsewhere this year.

Recovery Process

In a more detailed statement issued on Monday, the city says that as a result of the incident, its “technology resources staff” disconnected computers from the city’s network until the issue can be resolved.

”The City of Pensacola has remained operational throughout the incident, but some services have been impacted while the network is disconnected, including city email; some city landlines, 311 customer service, and online bill payments, including Pensacola Energy and City of Pensacola Sanitation Services,” the Monday statement notes.

”Emergency dispatch services and 911 were not impacted and continue to operate normally,” according to the statement. “Additionally, the city’s website and online permitting services remain operational.

The city's spokeswoman says the city does not yet have an estimate on when services will be fully restored, but its technology resources staff is working to restore all network servers. As of Tuesday, email servers were restored, but not all employees had regained access yet, she says.

FBI Investigates

”In light of the shooting Friday at Naval Air Station Pensacola, the City of Pensacola notified the FBI, Department of Homeland Security and Florida Department of Law Enforcement about the incident as a precaution,” the city said.

The FBI office in Jacksonville, Florida, on Monday confirmed in a tweet that the FBI was notified by the City of Pensacola about “a potential cyber-related incident,” adding that the FBI was providing resources to assist. That tweet was followed up a few hours later on Monday with a new tweet saying the FBI “has not identified a connection” between the cyberattack on the city of Pensacola and the naval air station shooting on Dec. 8.

The shooting at the Navy air base, allegedly by a Saudi air force trainee, resulted in the deaths of three U.S. sailors and injury of at least eight others, the Washington Post reports.

String of Attacks on Cities

The city of Pensacola, which has a population of about 53,000, is the latest in a series of U.S. cities, including several in Florida, to fall victim to cyberattacks. Those incidents have generally involved ransomware.

The largest city targeted, Baltimore, struggled for months to fully recover from a ransomware attack in May (see Baltimore Ransomware Carnage Compounded by Local Storage).

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.