The City of Livermore is still tallying the cost of rebuilding its communications infrastructure following a disruptive ransomware attack that shut down phones, email and computers at city hall last month.

It is believed cybercriminals quietly inserted a malicious code into the city’s computer system using malware-infected attachments. After lurking undetected for weeks or months, the virus encrypted the city’s computer files, preventing city employees from using computers, accessing phones, email and various documents stored on computers.

The culprits demanded the payment of a ransom in exchange for a decryption key that would supposedly unlock the information.

However, the payment of a ransom was an option the city never entertained, Livermore City Manager Marc Roberts said.

The city is insured against cyber attacks, Roberts said, and the policy will help pay for contractors to conduct a forensic investigation of the attack and for much of the recovery work. Roberts said the total expense of restoring the system should be determined within the next few weeks.

The FBI urges victims of ransomware not to pay the ransom to cybercriminals and to report attacks to the local FBI field office and its Internet Crime Complaint Center as soon as possible. Roberts said the attack was reported to the FBI and the city shared technical information that could help track down the criminals.

As of press time, Roberts estimated recovery of the city’s computer system was roughly 90 percent.

While the attack was disruptive, the city’s practice of regularly backing up data to remote servers, not connected to the infected computers, helped contain some of the damage, Roberts said. In addition, the city does not retain personal financial data on its systems, such as credit card numbers for water and sewer customers, so no personal financial information for those who do business with the city was compromised.

Moving forward, Roberts said the city, working with cyber-security consultants, will look for ways to improve the security of its systems through modernization, migrating data to the cloud, staff training and the adoption of some additional information security policies and best practices.

The virus was first detected on Aug. 27 when city employees discovered emails with malware-infected attachments were being sent out from hijacked city email accounts.

The attack resulted in the complete loss of the city’s phone system for a few days and the loss of email for more than a week. Some data, including Geographical Information System files, were inaccessible for about two weeks.

While the city’s 911 system was not impacted, the attack knocked out a computer-aided dispatch system used by the Livermore Police Department. It also temporarily prevented police officers from obtaining law enforcement records from the field, although records were still available at the police station, Roberts said.

Cyber Safety Tips

Examine the email address and URLs in all correspondence. Scammers often mimic a legitimate site or email address by using a slight variation in spelling.

If an unsolicited text message or email asks you to update, check, or verify your account information, do not follow the link provided in the message itself or call the phone numbers provided in the message. Go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.

Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address.

Carefully scrutinize all electronic requests for a payment or transfer of funds.

Be extra suspicious of any message that urges immediate action.

Confirm requests for wire transfers or payment in person or over the phone as part of a two-factor authentication process. Do not verify these requests using the phone number listed in the request for payment.