SAMMAMISH, Wash. - The hack of an Eastside city's computers may mean more hacks for ransom in the future.
Sammamish discovered its computers were compromised two days ago. Now the city has created a hub online to track progress as it recovers from the attack.
Sammamish isn't the first Eastside city to be hacked. It happened in Yarrow Point in 2017. Then the culprit was a phishing email that someone opened.
No one knows just what caused the attack here in Sammamish. But one cybersecurity expert says there are ways to minimize the damage before and after an attack.
For two days, work at the Sammamish City Hall has slowed to crawl as high tech computers have given way to paper and pen. The city, a victim of a ransomware attack.
"Unfortunately, it's not terribly surprising," says Tim Helming, director of product management for Seattle-based DomainTools. He says a lot of entities are vulnerable to cyberattacks.
"Anytime you've got some sort of organization," he said. "It could be a city. It could be a hospital. It could be a private sector company. Where there's data, and there's always data, and where an attacker finds a way in, ransomware as will occur in the tech vector."
Scroll down to continue reading
More news from KIRO 7
- Bus carrying Stanford track team catches fire on I-5 in Seattle
- PHOTOS: Bus carrying Stanford track team catches fire on I-5 in Seattle
- GRAPHIC WARNING: Rarely-seen photos show serial killer Ted Bundy's crime scenes
- Body of man found in ditch in Renton
- Do you have an investigative story tip? Send us an email at firstname.lastname@example.org
Sammamish is just the latest high-profile victim. Since Wednesday, the city has hired a cybersecurity firm to help determine how far the ransomware attack went and how many of the city's files may have been corrupted.
As for the ransom the attacker is demanding, the Sammamish Mayor Christie Malchow said the city is resisting so far.
"The suggestion is that you don't pay it because there is not a guarantee that you'll ever get your data back," she said. "But I think LMG, which is the security firm that we now have in, will guide the city in making a decision on whether or not that is a wise idea."
"You know you'll be out the money." he says. "You don't know if you'll get your files back."
And Helming says there are ways to avoid paying the ransom. One way is if the city has backups that were not infected by the ransomware, many of the files can be restored. Also, this particular ransomware may have already been broken by security researchers, so the key to decrypting the files may already be available.
"I certainly recommend for anybody that's gotten hit with ransomware, don't assume all is lost," Helming advises. "Do some homework, do some research. You may be able to find the key to crack that and decrypt your files."
Of course, the best defense is a great offense. Since a lot of malware comes through phishing emails, Helming says cities should offer comprehensive training so workers can more easily spot infected emails. And the system's firewalls should always be up to date.
But Helming says ransomware attacks are likely too lucrative for them to just stop.
"So this is going to be with us for a while."
There is some good news here in Sammamish. The police weren't affected by this attack and neither was 911.
© 2019 Cox Media Group.