‘We weighed the threat’: Grass Valley officials explain decision to pay ransom to hackers
The city of Grass Valley was the victim of a cyberattack, which temporarily compromised some of the city’s information systems and led it to pay the ransom demanded by hackers so as to avoid the exposure of critical data.
Police Chief Alex Gammelgard and Michael Colantuono, an attorney for the city, fielded questions at a Wednesday press conference about the cyberattack, which took place June 29, according to a press release issued Tuesday.
Both officials said much remains unknown about the attack, including information as to the specific cybercriminal entity responsible. That entity is believed to be based in a foreign county, Gammelgard said.
Officials declined to release information on how much the ransom cost the city, the police chief added.
Gammelgard and Colantuono vigorously defended the city’s decision to pay the ransom, asserting that critical data, including confidential information regarding active law enforcement investigations, could have been exposed online had the ransom not been paid.
Gammelgard said that the financial losses Grass Valley suffered from the attack fall well within the coverage limits of an insurance policy held by the city precisely in the event of such incidents.
This type of coverage, commonly referred to as information security and privacy insurance, shielded Grass Valley from having to pay the ransom out of pocket, which was a factor in the city’s ultimate decision to agree to the hacker’s demands, Gammelgard said.
“We weighed the threat posed by the potential release of this data versus the cost of paying this ransom,” the police chief said, adding that the personal information of victims in criminal cases could have been publicized online if the ransom hadn’t been paid.
“The confidential information of a number of individuals contained in this data, including victims, ultimately shaped our decision.”
Colantuono said that given the protection offered by the city’s insurance coverage, the decision to pay the ransom seemed justified to city officials.
“Given the potential exposure of victims and investigations in this data, we felt that if paying this ransom protects the people that we serve, we should do that,” he added.
The insurance that covered the city’s losses for the attack is provided by the Public Agency Risk Sharing Authority of California (PARSAC), a private insurance organization that insures a host of cities, towns, and some non-municipal agencies across California. PARSAC “pools” Grass Valley’s coverage with policies for other covered entities, minimizing the risk for individual municipalities, Gammelgard said.
While acknowledging the possibility that the cybercriminal enterprise behind the June 29 attack could have simply taken the ransom and still exposed the compromised data on the web, city officials expressed confidence that this scenario would not occur, based on consultations with a number of cybersecurity experts.
The collective assessment by these analysts, Gammelgard said, was that the hackers had a strong incentive to abide by their promise not to release this information if the ransom was paid, as breaking their side of the agreement would give this group less bargaining power in future negotiations with victims of their attacks.
“What we learned from these experts is there is a strong incentive to make good on promises not to release compromised information, because for their enterprise, this would reduce their bargaining position moving forward in the future,” the police chief said.
The FBI was contacted soon after the city became aware of the cyberattack, and is assisting in the city’s follow up investigation into how this attack occurred and what steps should be taken to prevent future situations, Colantuono said.
Specific information as to what exact systems were compromised and how officials will close such cybersecurity weaknesses will not be released, as publicizing such information could weaken future preventative efforts, officials said.
Cybersecurity experts generally recommend that large entities such as businesses, universities, and municipalities guarantee that their networks are properly “segemented” — meaning that steps are taken to ensure that if one system in a network is compromised, hackers cannot then use their foothold in that system to “tunnel” into other systems and steal more information from the network.
Grass Valley officials said that while the June cyberattack exposed certain weaknesses in the city’s overall network, it also demonstrated the success of certain cybersecurity programs that the city had previously installed in the network, specifically designed to ensure the segmentation of different systems.
“While this attack took some systems offline, we were able to sever the exposed systems and ensure that the other parts of our network were not also compromised,” Gammelgard said.
The breach into the city’s network follows a somewhat similar attack in May on Sierra College, where hackers were able to disable many of the school’s critical assets and temporarily bring the college’s online learning systems to a standstill.
That incident was identified by a state agency as a case of a PYSA cyberattack; an increasingly common method of cyber-intrusion where criminal groups rent out their specific method of cyberattack to an affiliate group of hackers, who then can target a specific entity, such as a college or business. The investigation into that attack is still ongoing, Sierra College officials have stated.
Grass Valley officials have not yet stated whether the June 29 breach was a PYSA attack or some other type of data intrusion.
Stephen Wyer is a staff writer with The Union. He can be reached at firstname.lastname@example.org
Support Local Journalism
Support Local Journalism
Readers around Grass Valley and Nevada County make The Union’s work possible. Your financial contribution supports our efforts to deliver quality, locally relevant journalism.
Now more than ever, your support is critical to help us keep our community informed about the evolving coronavirus pandemic and the impact it is having locally. Every contribution, however large or small, will make a difference.
Your donation will help us continue to cover COVID-19 and our other vital local news.