“It allows council to authorize me, in an emergency like this, to spend up to $350,000 without asking them any more permission,” Dzik said Tuesday. “Normally, if I want to use the services of a particular vendor, and it costs more than $25,000, I have to ask for specific council permission. Basically, council is allowing me to spend to fix this problem without having to wait for them to give me the okay.”
Dzik noted the city does have cybersecurity insurance coverage which will cover a portion of the costs associated with the attack, the full financial effect from which is still unknown at this time. What is not covered under the insurance plan will be paid for out of the city’s general fund, he said.
City spokeswoman Sarah Williams said the attack was discovered at 8:13 a.m. Sunday. The ransomware attack has locked city employees out of the systems they use to keep track of data. Williams said the city is working to restore the data from backups and perform a forensic analysis on the computers.
“Our third-party vendor is currently collecting all the forensic evidence off of our systems so that the forensic investigation firm can begin analyzing it and let us know how to best restore our systems,” Dzik said, adding that the entire process may take up to around three weeks in total.
“But that’s not three weeks of system outage, that’s just three weeks to wrap up the whole process,” he said.
He declined to disclose the name of the third-party vendor assisting in the investigation, citing security concerns.
“We don’t release that information because if the threat actors know who (the vendor) is, they can start messing with them to further affect our operations,” he said.
At this point, Dzik said it is unknown if the attacker will hold any city data for ransom.
“We don’t know yet in our situation, but sometimes they will take data from the system and hold that for ransom, so that’s where we get into issues of personal information and things like that,” he said.
It’s also not clear if any resident information is affected by the attack.
“We don’t know enough yet to know if any resident data has been compromised, but when we do, we will notify anyone affected,” Dzik said.
This isn’t the first ransomware attack Dzik has dealt with in his career. Less than a year ago, while employed as the safety services director for the city of Mount Vernon, a cyber attack left that city in a similar situation.
According to the Mount Vernon News, the breach occurred through a remote access tool used by the city’s information technology provider. Mount Vernon’s municipal court, the police department, auditor’s office, and public works department was affected, the Mount Vernon News reported.
Dzik declined to speak at length about the Mount Vernon issue, stating he is not at liberty to do so since he is no longer employed by the city. He said he does not think the two situations are related.
“My belief is that this is a coincidence (because) it’s two different types of ransomware that were used,” he said. “And from what I’m understanding, our third-party vendor does not believe this is a targeted attack or that they picked (Huber Heights) specifically.”
According to Dzik, the city obtained new devices Tuesday, including laptops, that have never been connected to the now-compromised network.
“This will allow us to begin some basic operations in the city,” he said, which will include functions like zoning, permitting, and code enforcement.
Other city divisions impacted by the attack included utilities, tax, engineering, finance, human resources and economic development. Dzik said the billing systems for utilities and taxes will be impacted for at least a week.
The city is waiving late fees for utility payments this month and will not be conducting any shutoffs this month, he said.
If any resident wants to pay utilities this week, they would need to bring a copy of the bill with them, Dzik said, and a cash or check in the exact amount. The city does not have access to individual bills on their end at the moment and cannot process credit cards.
About the Author