St. Paul says cybersecurity breach was a ransomware attack. What does that mean?


St. Paul city officials say they hope to get systems back online by the end of the week, after what they’re calling a ransomware attack. They said they have not paid the ransom.

Mayor Melvin Carter says the city is going through “Operation Secure St. Paul,” which includes manually resetting the passwords of 3,500 city employees.

To explain what a ransomware attack is, professor Faisal Kaleem joined Minnesota Now with Nina Moini. He’s the director of cybersecurity and cyber operations programs at Metro State University.

The following conversation was edited for length and clarity.

Describe what a ransomware attack is.

In technical terms, it's essentially digital extortion: a criminal locking up your data and demanding payments to give it back. Think of a burglar sneaking into your office, locking every filing cabinet and leaving a note saying you cannot get your papers back unless you pay. You are talking about malware, or malicious software, that locks your files or system until you pay a ransom.

Other than money, what would a ransomware attacker want from the city of St. Paul?

I would say that this appears to be what we call a double extortion attack. What that means is that not only are they claiming that they have locked the data, but then, let's say the city said they're not going to pay the ransom, the attacker might be threatening to leak the data. So that's the definition of a double extortion attack.

Are there other options to solve the problem beyond paying a ransom?

This is where the term resilience comes in. Resiliency simply means that the city of St. Paul might have maintained a good backup of the data. So if they are not paying the ransom, and if they were able to shut down the system as soon as they detected those activities, that means that they actually have maintained some good data backup, which means that they should be able to restore the majority of the information if they decided not to pay the ransom.

Do you have any idea of the scope of what undertaking something like this would cost the city?

The recovery costs often exceed the ransom demands, because sometimes it involves a system rebuild. Then there are legal expenses, then there are preventive upgrades. There are operational disruptions.

But on top of that, with this kind of event, unfortunately, I always say that reputation and trust are also a big cost. Residents expect data protection and uninterrupted services. An attack like this can erode that confidence.

In case of, let's say, data leakage, even after recovery, sensitive information could be leaked online, creating long-term harm.
