FREEPORT — The town’s municipal computer network is back up and running after a cyberattack one week ago that has been linked to Russian criminals and a global ransomware group, the town manager said Tuesday.
Logically, a national information technology provider based in Portland, brought down the town’s network around 1 p.m. on June 8 after it detected a cyberattack, Town Manager Peter Joseph said. While the move successfully contained the attack, it shut down phone and online communications and disrupted municipal services across every department.
The attack came with a ransom note directing the town to pay $10,000 in cryptocurrency through Avaddon, a ransomware group responsible for numerous malware incidents since 2020, Joseph said. The town didn’t respond to the note, paid no ransom and experienced no data breach, he said.
“Our opinion is the attack was only partly successful and was stopped early,” Joseph said, emphasizing that no sensitive data was released, including that of town residents.
Joseph said the attack has been reported to the Maine State Police Computer Crimes Unit, but no one had contacted him yet to investigate the incident. Exactly who was behind the attack is unclear, Joseph said, but it is believed to be a criminal operation based in Russia or a neighboring republic.
Bleeping Computer, a tech news website, reported Friday that Avaddon had shut down its ransomware, likely because of increasing pressure by police agencies and governments worldwide, as well as President Biden’s plan to discuss cyberattacks with Russian President Vladimir Putin in Geneva on Wednesday.
Freeport’s cyberattack is the latest on a municipal computer network in Maine and one of a growing number of similar incidents.
The Presque Isle Police Department was hit by an Avaddon ransomware attack that came to light in April, when the town refused to pay a ransom and hackers dumped 200 gigabytes of data on the dark web. And when the Rockport Town Office was hit in 2018, municipal officials also didn’t pay a ransom and IT staff worked throughout the weekend to restore encrypted data.
While larger malware incidents like the recent Colonial Pipeline hack get a lot of attention, attacks on smaller targets wreak havoc, too, and many don’t make it into the news. The FBI receives two to three reports each week of ransomware attacks in Maine, The Associated Press reported.
Joseph said the town had security systems to detect the cyberattack and the municipal network was not disabled by the attack.
Freeport town offices remained open as usual during the phone and internet outage, but it made many basic municipal functions inconvenient or impossible, such as paying property taxes with a credit card or using the computerized book catalog at the public library.
Residents were still able to call for emergency assistance from Freeport’s police and fire departments by dialing 911 because the neighboring town of Brunswick has dispatched emergency services for Freeport for several years.
Logically continues to monitor the network at a heightened level and a data forensics team is assessing what happened during the attack, Joseph said. A report on their analysis is expected in two weeks.
For now, Joseph is crossing his fingers and knocking on wood.