x

WPMT FOX43 | News in Harrisburg, York, Lancaster, Lebanon News, Weather, Sports

Borough of Duncannon says it was the victim of ransomware attack last month

The borough said it paid nearly $43,000 to regain access to files, data, email, and other essential information to hackers who accessed is servers on April 10

DUNCANNON, Pa. — Officials from the Perry County borough of Duncannon announced this week that the borough was the victim of a ransomware cyber-attack, and was forced to pay the hackers almost $43,000 to regain access to essential files and other records.

"I feel bad that this had to happen to the town at all," Jeffrey Kirkhoff, Duncannon Borough Council President, said. "I wish we could've known this was coming and taken extra steps."

In a press release on Wednesday, the borough said the cyber-attack occurred on April 10. All of the borough's electronic files, data, and emails were encrypted, and its backup systems were also compromised, the borough said.

The affected data, records, and email included Duncannon's electric supply, water supply, sewer service, trash collection and regular business of the municipality, the borough said. 

Attempts to recover the data were unsuccessful, according to the borough. The attack covered several servers maintained by Splashwire, a Lemoyne, PA-based software company contracted by the borough. 

The hackers then contacted the borough and demanded $50,000 to restore access to the files and data, the borough said. The demand was later lowered to $35,000, but the hackers warned that if the borough did not pay by April 23, the decryption keys would be destroyed.

"We had to look at it and say, 'do we want to pay what came to be $41,000? Or do we want to risk waiting what could've been years to decrypt all this'?" Kirkhoff said. "Knowing for a fact how much if costs to rebuild, I mean our minimum would be hundreds of thousands of dollars."

Kirkhoff said taxpayers won't see an increase in taxes or rates to foot the bill, because the ransom was paid with existing money from all 5 of the borough's funds.

"We put in additional security measures already to protect from this happening again," Kirkhoff said. "We're now looking at maybe a 3rd storage site and also adding local offline backups potentially."

Borough officials say State Police and the FBI were contacted, both by the borough and by Splashwire. 

But the borough "reluctantly decided to pay the ransom sum demanded," officials said in a press release announcing the attack.

The hackers provided the borough with decryption keys that allowed it to regain access to its data, "except for numerous essential files on a virtual server," according to the borough.

An additional $10,000 ransom was demanded to get the decryption keys for that data, the borough said. The demand was later lowered to $5,7800, which the borough also paid. 

At that point, the borough said, the final decryption keys were provided, and the borough regained access to the remaining data. 

All data and systems have now been restored, borough officials said.

"The Borough maintained full uninterrupted control of its bank accounts, including payroll," Duncannon officials said in a press release. "No interruption of service was experienced, nor is any expected. No personal information was compromised."

The borough said it has installed "additional robust security measures" and redundant backup systems since the attack.