AUGUSTA — A malicious computer virus that targeted — and squarely hit — the city early Thursday morning forced the closure of Augusta City Center.

The virus froze the city’s computer network and rapidly spread to laptops and other devices.

Augusta City Center, on July 12, 2016. Kennebec Journal photo by Joe Phelan

Officials said Thursday afternoon they had located the virus are working on a fix, and no data was taken in the apparent cyberattack. Once they confirm the virus has been removed from the network and all devices associated with it, they plan to restore the city’s servers and get the system up and running again.

Because so many municipal functions there rely on computers — and restoring servers and fixing the damage done is expected to be a cumbersome process — Augusta City Center will remain closed until at least Monday, while the network and servers are restored.

Fred Kahl, director of the information technology department for both the city and schools, said a piece of malicious software somehow got into the city’s computer network, spread rapidly and damaged servers. He said it appears it was a targeted attack. But he also said no data, such as personal information about residents, was taken in the incident.

“Nothing got out, no names or anything like that. It just became inaccessible,” Kahl said late Thursday afternoon about data stored on city servers.”Nothing went anywhere, guaranteed.”

Advertisement

The virus, which officials said was inflicted upon the city’s servers intentionally, also shut down computers used by public safety dispatchers — but not the city’s phone system or the public safety radio system used by dispatchers and police, fire and ambulance staff members in the field to communicate. Dispatchers, who don’t have access to their usual computer-aided dispatching system, tracked calls and the activity and whereabouts of police officers, firefighters and ambulance crews manually.

“It’s not a threat to public safety,” Ralph St. Pierre, finance director and assistant city manager, said Thursday morning from the closed city center. “Dispatch is still answering. The phones are still working.”

What isn’t working is anything that relies on the computer network at Augusta City Center, including municipal financial systems, billing, automobile excise tax records, assessor’s records or general assistance.

All those systems became inaccessible when the city’s network was hit by a virus around 3:20 a.m. Thursday, which froze up the network.

“All our servers are locked up,” St. Pierre said. “This was a particularly bad (virus). This one exploded, it got all the data, all the servers, they froze rock solid, and you can’t pierce it. It’s pretty widespread and impactful.”

He clarified that while the city’s servers and data have been frozen and are inaccessible, it is not believed city data has been breached.

Advertisement

“It was not a breaching of the data. It was a locking down of the data,” St. Pierre said. “This was intentional.”

Professor Henry Felch, program coordinator of the University of Maine at Augusta’s cybersecurity program, which he said is the largest such program in the state, speculated it could have been an inside job, perhaps by a disgruntled current or former employee or someone else with knowledge of and access to the city network.

“If someone did want to do something to bring Augusta to a screeching halt for a couple of days, it could be an act of revenge, or it could be someone is making a statement,” Felch said. “Usually a virus is more widespread than just one locality, if the goal is to infect a lot of computers. This sounds like it was directed toward Augusta. It was a very targeted attack.”

He said the city should involve state police, because what occurred appears to be a crime. He said it appeared the malicious software was intended more to destroy data than to capture data.

St. Pierre said the city’s data is intact, and all its backup systems are fine, meaning the city can start restoring servers. He said restoration work will include contacting software providers so they can reinstall their software. He said it could take until as late as Tuesday to have the network up and running and reopen city center.

Kahl said officials know when the attack was initiated, around 3:20 a.m. Thursday, but he believes the city might never know with 100 percent certainty how the software got into city servers.

Advertisement

He said the city did not pay a ransom payment, as some Maine municipalities and even the Lincoln County Sheriff’s Office have done previously, to have the software removed.

City Manager William Bridgeo said city information technology staff members all were working on the problem, and an outside software consulting firm from Portland also had specialists working on the problem in Augusta.

St. Pierre said officials stopped the virus before it spread to School Department files or servers, which are connected to the same network, and they have been shut off from the network to protect them. He said the city’s email server is at the school department and is still up and running, so city staff members with smartphones can still respond to email.

To make sure all devices that might have been infected with the virus were cleared of it, about 15 Augusta police workers, most of them officers, underwent about a half-hour of training from Kahl and then set out to check every city facility — or anywhere else an infected laptop or other device might be — to see if they had the virus on them. The 10 or so devices that were infected were taken to Kahl’s office so the virus could be removed.

A sign tells patrons about computer system problems on Thursday at Lithgow Public Library in Augusta. Kennebec Journal photo by Joe Phelan

City Center, where nearly all functions rely to some extent on computer access, is expected to remain closed at least through Friday. Other city facilities never closed and are expected to remain open. St. Pierre said Hatch Hill was open and manually billing customers, the library was open, and the Buker Community Center — including youth programming there — was open and running but couldn’t take new registrations, and public works employees were working.

The Augusta Civic Center also was affected by the virus, since its computers are integrated into the city network, but officials said they were still able to access its ticket-selling firm and could sell tickets to events for cash, but not credit cards, on Thursday.

Advertisement

At Lithgow Public Library, the virus’ effect was — in some ways — to send the library back to its past, one based around books, not computers. Its computers were down and unable to access the internet, but people still could read books there. And, according to Julie Olson, assistant director and adult services librarian, they still could check out books and other materials. The public library’s usual circulation system was down, but they were able to use a backup system.

“For our patrons, the biggest impact was we don’t have internet,” Olson said. “We’ve got no computer access at all, they’re all connected to the city’s server, so we can’t access anything. But you can check out books, return books and renew books. We just can’t do the other parts.”

Bridgeo said the city buys “cyber liability” insurance through Maine Municipal Association, and as part of that, about a month ago it had an assessment done of the security of the city’s network. He said he just read a report on the findings of that assessment about a week ago and found that Augusta “got pretty high grades for how we stand.”

Felch said municipalities could be tempting targets for cyberattacks because of all the data they have, or because some of them have control over water treatment systems and other crucial resources. He said the best thing municipalities can do is emphasize training and awareness among staff on how to avoid allowing cyberattacks to be successful. But he said if the malicious software came from inside, via someone with access to the network, there might be nothing the city could do.

He said the city might want to look at its network defenses to see if such attacks could be detected faster.

Felch said the state needs to provide resources to help municipalities fend off cyberattacks.

Advertisement

“What happened to Augusta could probably happen to other municipalities around here, because it’s easy to do and it’s easy to get something started,” he said. “Maine has a lot of smaller municipalities, which makes it a target for someone who may want to practice, and hone the skills they might need to attack a larger city in the future. I think state government needs to do more to help these small municipalities be able to provide protection.”

Augusta police Chief Jared Mills agreed the cyberattack does not pose a threat to public safety. He said the only real effect was not being able to enter information directly into a computer. He said dispatchers were recording things manually and clerks were working to help dispatchers with that task.

Mills said there is “no threat to public safety. This is exactly how we completed reports when I started 20 years ago. Everything was handwritten and our response time then was the same as it is today.”

Felch, an Augusta resident who was turned away Thursday from City Center when he went there to get a new permit to use the Hatch Hill landfill, though at the time he didn’t know why, said students and faculty of UMA’s cybersecurity program would be willing to help Augusta and other municipalities protect themselves.

filed under: