NORTH KINGSTOWN, R.I. — North Kingstown town officials expect that costs related to an April cyberattack on computerized town financial systems will soar past $245,000 accrued now, but also anticipate the town to be compensated for the outlay.
The town has insurance policies paying for a forensic audit to check for stolen information or malicious code inserted into the systems. It also hired a data privacy attorney to ensure personal information is safeguarded and proper legal steps taken for any violations found.
“I do think that number will grow substantially,” said Town Manager Ralph Mollis referring to $220,000 in bills on analysis of the attack and an initial $25,000 estimate for lost revenue. He expects the lost revenue to also be covered by insurance. He said he could not estimate how much it will grow.
The town manager noted that Envision Technology Advisors of Pawtucket is doing the detailed analysis of the systems. Harford-headquartered law firm Robinson and Cole is working with Envision to determine any legal liability for the town and notices to be sent to individuals.
However, the bigger issue is the extent of the damage and problems caused by the cyberattack.
“We truly don’t know yet (all of ) what was compromised or received (taken by the attackers),” he said.
Mollis also said that the town’s security review firm knows how the hack into the system happened
“It doesn’t know ‘physically who they are.’ Their attack leaves a footprint. They have been involved in numerous attacks worldwide. We don’t know their physical location or identity. We know their cyber identity,” he explained. “Also, state police and federal authorities have been notified and are pursuing as they would any cyberattack.”
Mollis recently told the town council that preparation helped prevent a worse outcome.
“It appears we’ve been very fortunate, to date, thanks to the hard work of multiple staff and years of preparation and fortification,” he said. “We’ve implemented significant upgrades and improvements to our system since the attack.”
Mollis called the penetration of the town firewall-protected system a “real world” experience following a triggered alert at 4 a.m. on Saturday, April 22, that had been the target of a ransomware attack.
The town “has learned the security measures we had in place worked as intended. The town last invested in an external cybersecurity audit with Stealth-ISS in 2021, which resulted in the recommended security measures being implemented,” he said in April. “Our enterprise resource planning solution software which integrates payment processing, human resources, purchasing, fixed assets, and revenue streams was temporarily suspended out of an abundance of caution.”
“We disconnected computers. We turned to our cloud system. We did everything that we had to do as fast as we could, which I think probably put us in a better position than we would have been.”
Backup systems prevented data from being lost or held for “ransom” by the intruders, he said in April.
Sophos, cybersecurity experts, said in its State of Ransomware in State and Local Government 2022 that cyber security insurance is helping organizations to improve their security measures.
It said that 80% of state and local government organizations reported having cyber insurance coverage against ransomware, lower than the cross-sector average of 83%.
The study also reveals an increasingly challenging threat environment with state and local government reporting an above-average increase in the perceived volume of attacks and the impact of attacks.
It also sheds light on the relationship between ransomware and cyber insurance, including the role cyber insurance is playing in driving changes to cyber defenses for greater protection.
Mollis said last week that he and another staff member attended a Rhode Island League of Cities and Towns workshop on cyberattacks.
Information from the workshop was “reassuring in that it confirmed the steps we took prior to the attack and the action we’ve taken since the attack. It was also eye-opening,” he said.
Mollis pointed to a 91% increase in cyberattacks since February of this year and with an estimated $5 million in losses.
“Despite our efforts, and there have been and continue to be many, none of us are immune from these attacks,” he said. “However, we will continue to be aggressive in this area.”
