Foreign cyberattackers invaded and held the city of Braham’s domain administrator account for ransom.
The invasion occurred on June 8 at approximately 3:42 a.m. and gave the attackers full access to eight city computers. Braham City Administrator Angie Grafstrom said the attackers were from Russia, according to intelligence.
“As a result, all our data was removed from three computers, including the server, and held for ransom,” Grafstrom said during the Braham City Council meeting on July 6. “When we came into the office at 8 a.m., if you attempted to open any document on the three computers, all you got was the ransom note.”
Grafstrom contacted the city’s internet provider and tech support and learned that the League of Minnesota Cities insured Braham up to $250,000, including the payment of ransom, she said. The city was responsible for paying its $1,000 deductible, she added.
The League assigned the city a legal team that included McDonald Hopkins and a tech/negotiator, Arete.
“They went to work immediately, negotiated with the threat actors and were able to get us the three decryption keys for our systems,” Grafstrom said. “Just like any ransom attack, we needed them to verify proof of life of our system before we paid, then proof of decryption.”
The team worked together to negotiate with the cyberattackers. Initially, the attackers demanded $75,000 before they would agree to release the city’s computers. The negotiation also involved the attackers having to prove “signs of life” on the computers, Braham Mayor Tish Carlson said.
Due to the negotiation efforts, the team and attackers settled on $17,742 in cryptocurrency, Grafstrom explained.
“We paid the ransom, and we will pay the fees for the team that helped us, then get reimbursement from insurance,” she said.
Grafstrom said the ransom negotiation, response, forensic analysis, report of findings and other costs amounted to $46,973, including the additional cost of the bitcoin purchase and a 2% transaction fee.
“To protect us during their investigation, they installed SentinelOne on our computers,” she said.
Grafstrom explained the legal team’s fees were $565 per hour for the lead attorney and $360 per hour for the other attorney, at the League’s discounted rate of 10% off.
“This is considered a terrorist attack by the U.S. government, and we had to report it to the FBI,” Grafstrom said. “As we paid the ransom, the legal team assigned by the League had to file a report on this with the FBI as well.”
The city contracted with Arete to provide Managed Security Services for the City Hall for $1,344 per year ($14 per computer per month).
“Additionally, we have decided to ... add this protection at the liquor store,” Grafstrom said. “The police and water/wastewater already have their own added protection.”
Cyberattackers are known to re-attack 80% of the time, which is why having security protection is necessary, Grafstrom said.
“These attackers have been able to get into systems through Alexa, thermostats and Roombas, which also use (the) internet,” she said.
