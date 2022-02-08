By SCOTT JACKSON

The city of Quincy had brought more than half of its servers back online as of late Monday after the city’s network was hacked during a cyberattack last week.

Chris Walker, the chief of staff to Mayor Thomas Koch, said the city’s IT Department discovered something was amiss last Thursday morning when some applications within the Quincy Police Department’s server and network showed signs of disruption.

The servers were immediately locked down, Walker said, and a preliminary investigation turned up ransomware, meaning that there were text files found that demanded money in exchange for the safe return of data.

Walker said that this is “different and more sophisticated” than the usual cyberattacks the city sees that involve email phishing scams; in those cases, someone has to open a suspect email attachment that then allows access to the city’s network. During last week’s cyberattack, Walker said hackers directly broke into the city’s network.

After the cyberattack was discovered, Walker said the city’s IT department reached out to the city’s security contractors and they enabled a rapid response team to help track down the source of the attack, identify corrupted data, and scan every computer attached to the city’s network for any signs the hackers still had access.

That process remains ongoing this week, Walker said. The city maintains a total of 60 servers, 32 of which had been deemed safe and were back up and running as of Monday evening. The city prioritized critical applications and department like the Quincy Police and Fire Departments and the Quincy Public Schools as well as Munis, the city’s financial software. All those operations were brought back online by Monday morning. Some office applications that require access to the city’s shared file drive remained down as of late Monday.

Walker said the city’s backup systems appear to be in good working order and it does not appear that any data was lost permanently.

The city does not know if the attackers obtained any actual data when they broke into the network, Walker said, but investigators have not seen evidence that anyone is shopping the city’s data on the dark web.

Walker also noted the city does not keep any identity information from the public on its network. All online payments are conducted through third-party vendors and not intertwined with the city network, he said.

“We’re cautiously optimistic that because of the quick response from our IT team that this is an inconvenience more than anything else,” Walker said in a statement. “But obviously these are the times we are living in, and we’ll be absolutely looking at our network security to see what improvement can be made.”