The city of Pensacola, Fla., said it has been hit by a cyberattack that shut down the city’s computer networks and affected its systems.
The attack occurs just days after a shooting occurred Friday at U.S. military base Naval Air Station Pensacola, leaving three dead. Pensacola’s mayor, Grover Robinson, told news outlets that he didn’t know if the cyberattack was connected to that incident.
“In light of the shooting Friday at Naval Air Station Pensacola, the City of Pensacola notified the Federal Bureau of Investigation, Department of Homeland Security and Florida Department of Law Enforcement about the incident as a precaution,” the city said in a Monday evening press release.
Pensacola, which has a total population of 51,923 (as of 2010), is the westernmost city in the Florida Panhandle. The city, which was first hit by the cyberattack on Saturday, said that the incident affected city email and landlines, the 311 customer service line, and online bill payments for Pensacola Energy and City of Pensacola Sanitation Services.
“The City of Pensacola’s Technology Resources Department is continuing to work diligently to address a cyberattack that occurred early Saturday morning, Dec. 7,” the city said. “As a result of the incident, Technology Resources staff disconnected computers from the city’s network until the issue can be resolved.”
The city said it does not yet have an estimate on when services will be fully restored.
Pensacola also did not reveal any further information about how the cyberattack first occurred, what type of personal data was breached, or whether the attack stemmed from malware or ransomware.
“Although it’s currently unconfirmed whether the cyberattack against the City of Pensacola involved ransomware, details released by officials are reminiscent of previously confirmed incidents against U.S city governments,” Alex Guirakhoo, strategy and research analyst at Digital Shadows, told Threatpost. “Until information can be determined with confidence, public sector organizations typically withhold specific information like ransomware variants or the value of ransom demands.”
Emergency dispatch services and 911 were not impacted and continue to operate normally. Additionally, the city’s website (cityofpensacola.com) and online permitting services (mygovernmentonline.org) remain operational.
Pensacola is not the first city to be targeted by cybercriminals in the midst of crisis. In 2018, a critical water utility in Onslow county was hit by a ransomware attack, significantly impeding its ability to provide service in the week after Hurricane Florence hit the East Coast of the U.S.
Municipalities in general are frequent targets of hackers as they are likely perceived by ransomware operators to be less secure than larger government or private sector organizations, Guirakhoo told Threatpost.
“Information security may also be seen as a lower priority for budget-holders at public entities with limited financial resources, which can result in outdated infrastructure, poor security culture and limited dedicated technical support or knowledge,” he said.
In fact, also this week, reports emerged that the city of Pascagoula, Miss., was hit by a ransomware attack on Nov. 28 – Thanksgiving – which stemmed from an cyberattack against a third-party contractor who was connected to the city’s data infrastructure. City phones and systems were reportedly impacted, and the city is working to restore various systems.
In June, dual Florida cities – Lake City and Riviera Beach – were both hit by ransomware attacks (and decided to pay off the hackers). And in August, 22 Texas entities – the majority of which were local governments – were hit by a ransomware attack that Texas officials say is part of a targeted attack launched by a single threat actor.
“I don’t believe things will change and this will be a continuing pattern until we rethink how cybersecurity works at the local level,” Chris Morales, head of security analytics at Vectra, told Threatpost. “The state governments need to look at programs that bolster the local governments and treat the entire state as a single collative entity in coordinated in cyber security efforts.”
Free Threatpost Webinar: Risk around third-party vendors is real and can lead to data disasters. We rely on third-party vendors, but that doesn’t mean forfeiting security. Join us on Dec. 18th at 2 pm EST as Threatpost looks at managing third-party relationship risks with industry experts Dr. Larry Ponemon, of Ponemon Institute; Harlan Carvey, with Digital Guardian and Flashpoint’s Lance James. Click here to register.