Northern California city suffers second cyberattack in less than a month
The City of St. Helena, California, on Monday suffered a cyberattack that forced officials to shut down the city’s computer systems and public library as a cautionary measure.
The city, which sits about 65 miles north of San Francisco in Napa Valley, is working with the Northern California Computer Crimes Task Force, a company that provides computer forensic assistance to law enforcement agencies, to investigate the cyberattack, according to an emailed statement from the city. According to the statement, upon initial review, the cyberattack may have compromised more than 20 computers and a network server.
“As part of the NC3TF response, law enforcement cybersecurity experts, including members of the United States Secret Service and FBI, will review the system and complete a forensic investigation of the files,” the statement read.
The city said its antivirus system blocked numerous attacks starting at 1:30 a.m. on Monday and that the virus appears similar to one that has struck other cities in California, including Oakley, which suffered a cyberattack in February.
City officials said they noticed further computer network irregularities around 7 a.m on Monday, leading staff to alert the city’s IT contractor. At 9:30 a.m., administrators from the city’s Emergency Operations Center met, leading the city to close down the St. Helena Public Library, which last month experienced disruptions that downed phones, Wi-Fi and some virtual services after administrators noticed suspicious network activity.
The city didn’t confirm if the incidents are related.
St. Helena operates more than 25 cloud systems, some of which house sensitive data for employees, businesses and residents. Officials said all city files were last backed up on Sunday as as part of the city’s cybersecurity and business continuity plan.
“Although all city files were backed up and appear to be safe, it will most likely be 24 to 72 hours before the cybersecurity experts can clear the systems and restore the backed up files,” the city’s statement read.
The city claims the cyberattack did not affect water and wastewater plants or emergency services because they operate on separate networks.