The city of Pensacola, Fla. is still grappling with the impact of a ransomware attack over the weekend.
City spokesperson Kaycee Lagarde confirmed on Tuesday that it was ransomware. The news was first reported in the Pensacola News Journal.
"As a result, we disconnected much of our network until the issues can be resolved," Lagarde told Fox News on Thursday.
"We reported the incident to the FBI, FDLE [Florida Department of Law Enforcement] and Homeland Security as a precaution." she said.
In a ransomware attack, critical data and files are encrypted and locked, blocking access, until a ransom is paid.
Escambia County Commissioner Jeff Bergosh described the response to the attack in a blog.
City spokesperson Lagarde said that email servers are back up but since IT still has computers disconnected from the network, city employees only have limited access to email. Most landlines have been restored.
"The city remains operational, but we are somewhat limited since we aren’t able to use our computers or internet until these issues are resolved," Lagarde said.
Emergency dispatch and 911 services were not impacted and continue to operate.
“Maze” Ransomware the attacker?
The News Journal said the ransomware attack “appeared to be using the same software as an attack against Allied Universal” – a security company that has an office in Pensacola.
Cybersecurity site BleepingComputer identified it as Maze Ransomware and said that the operators behind Maze claimed responsibility for the cyberattack and have demanded a $1,000,000 ransom for a decryptor.
At this time, the city of Pensacola has not confirmed the reporting from BleepingComputer.
"We are not able to provide additional details about the attack itself due to the ongoing investigation," city spokesperson Lagarde said.
BleepingComputer added that the Maze operators claimed it is “not affiliated with the recent shooting at NAS Pensacola.” That shooting took place on Friday at the Naval Air Station Pensacola, when three people were fatally shot.
In the case of Allied Universal, the ransomware attack was especially pernicious because data was stolen in addition to files being encrypted.
“Both state audits and academic studies have indicated that governments do a poor job of managing their cybersecurity. That needs to change, and it needs to change very quickly,” Brett Callow, a spokesperson with the anti-virus company Emsisoft, told Fox News.
“In this case, it’s possible that data reported to have been stolen during the attack on Allied Universal may have enabled the attack on the city to succeed,” Callow said. “Whether or not that was the case, I cannot say, but the possibility nonetheless illustrates the need for stronger reporting requirements and better information sharing."
So far this year, a total of 948 government agencies, educational establishments and healthcare providers have been impacted by ransomware, Emsisoft said in a statement on Thursday.
In May, Baltimore was hit by a strain of ransomware called RobbinHood. The city refused to pay the $76,000 demanded, but the attack caused widespread disruption of city services and property transactions.