NewsLocal NewsWe Follow Through

Actions

'We have no intent of paying the ransom': Cleveland says it will not negotiate with cyberattackers

Ransomware attack discovered 12 days ago
Untitled design (15).jpg
Posted
and last updated

CLEVELAND — The City of Cleveland said it won't pay the ransom demanded by cybercriminals who attacked the city's systems.

In an e-mail to News 5 Cleveland, Chief Communications Officer Sarah Johnson wrote, "At this time, we have no intent of paying the ransom and are working to restore our systems. "

She declined to answer questions about the amount of the ransom. She wrote, "As a matter of security, we cannot share details of the demand."

The city has been working to restore its systems since the ransomware attack was discovered 12 days ago.

RELATED: City Hall 'cyber incident' identified as ransomware attack

Jeff Brancato, Executive Director of Northeast Ohio CyberConsortium, said it is "a good sign" that Cleveland will not pay the ransom.

"That suggests to me that they feel comfortable that they'll be able to put their systems back online and that they can recover data that may have been exfiltrated or lost," he said.

The Northeast Ohio CyberConsortium is a regional business association that helps improve cybersecurity for its members, which includes 28 local companies, hospitals and universities.

Since the attack, Cleveland employees have been overcoming challenges to provide resident services.

While 'closed to the public,' work is getting done inside Cleveland City Hall following ransomware attack

RELATED: While 'closed to the public,' work is getting done inside Cleveland City Hall following ransomware attack

Brancato described paying ransom as a "business decision" but also said the FBI and law enforcement advise against paying ransom to cybercriminals.

"You have to remember that you are dealing with criminals," he said. "And going into a business relationship with criminals is never a good idea."

What we know

Some city systems were not attacked.

In her email, Johnson wrote that she can confirm the Department of Taxation (CCA), utilities, and airports "are segmented on a different network and domain" and the city's review "found no evidence of an attack on these specific systems."

She also wrote that "Cleveland is working with out state and federal partners to assess our systems and determine a plan moving forward."

What we don't know

There are still many unanswered questions about Cleveland's ransomware attack.

Johnson wrote she "cannot disclose" if the attackers were known to law enforcement or if they have targeted other municipalities.

"I think that will probably come to light at some point," Brancato said. "There are a number of international ransomware gangs that are active."

It is also unclear how the attack happened and which data was targeted by cybercriminals.

Johnson wrote, "We are still investigating what data has been exfiltrated from our on-premises servers and cannot confirm what (if any) employee data has been accessed at this time."

"The lesson to take away from this is that we're all vulnerable," Brancato said. "The tools that the bad actors use are increasingly prevalent, increasingly easy to acquire and increasingly easy to use by individuals and organizations that are not that sophisticated."

After being closed to the public for nearly two weeks, Cleveland City Hall will reopen Thursday at noon but with "select operations."