A review of the cyberattack sustained by the city of Pensacola, FL has revealed that hackers stole about 6GB of data from the municipality.
The city hired Deloitte & Touche, an international professional services company, to conduct an assessment of the cyber incident that occurred last year. The report was completed and turned in to the city earlier this year.
Although the city kept the full report confidential under state open records law, it disclosed to the public the executive summary earlier this week, Pensacola News Journal reported.
Pensacola’s network was hit with ransomware on December 07, 2019, which encrypted affected computers and prevented users from accessing their data. The cybercriminal group Maze claimed responsibility for the malware attack. To prove their involvement, the attackers published over 2GB of stolen data on a public website, which has since been taken down.
According to the report by Deloitte & Touche, the attackers only managed to steal about 6GB of data, despite claiming that they had made off with 32GB of sensitive information. The report also noted that the attackers had potential access to city databases containing personal data, but there is no evidence to suggest that the perpetrators managed to access that data.
Deloitte & Touche also noted in its report that the attackers appeared to be from Estonia, and managed to access the city’s network through two suspected systems. When the attackers made it inside the network, the ransomware easily spread due to the network’s “lax firewall rules.”
When the ransomware first hit in December, city IT staff shut down the computer network to prevent the attack from spreading. This led to several of the city’s functions – online services, phone and email systems – shutting down for several days.
Pensacola did not pay the ransom to have the malware lifted, but the city was able to restore its systems thanks to backups. The municipality also notified some 57,000 people that it would pay for one year’s worth of identity protection.
The report recommended that the city should work on several areas for improvement. Pensacola should consider hiring dedicated security staff, develop a more robust incident response plan, and conduct regular assessments of its security posture.
Despite the shortcomings it found, Deloitte & Touche’s report praised the city’s backup system and its decision to pay for identity protection.