Posted on: December 29, 2020 by the City of Cornelia:
City of Cornelia Ransomware Incident
The City of Cornelia is dealing with a ransomware incident that began on December 26. We have anticipated situations such as this and, out of an abundance of caution, we have taken down our network while we investigate and restore our data. We have alerted law enforcement and we are cooperating with their investigation.
First responders and emergency phone lines are unaffected. City operations such as garbage pickup and utility work are proceeding normally. City Hall phones and emails are currently working. However, City administrative software is currently offline so we cannot look up the balance of your bills and cannot accept credit card payments for services at this time.
Ransomware is, unfortunately, fairly common and no entity is immune. We have engaged external experts to help us resolve the matter. According to the them, the business model of those behind the ransomware is typically NOT to profit off of selling the personal information of city employees or our citizens on the Internet – it is to extract a payment from the City itself.
We will provide more information and updates as our investigation progresses. Members of the public with non-emergency requests are asked to contact City Hall @ 706-778-8585.
Of note, it was slightly more than one year ago that it was reported:
GA: Cornelia fends off third ransomware attack of the year, upgrades firewall. So they had upgraded their firewall, invested in a full-time IT employee and support services, and they were still successfully attacked this week.
Cornelia is a small city doing the best they can, it seems. It’s a shame they have to devote so much of limited resources to dealing with fending off these attacks.
Additional details are reported by Joy Purcell on Now Habersham.
h/t, @Chum1ng0