Joplin says cybersecurity incident was due to ransomware

Joplin City Hall
©KOAM News

JOPLIN, Mo. – The City of Joplin says so far, investigators have determined a cybersecurity incident was due to ransomware. Officials released the following update today.

(Previous article: Joplin’s online payment option is now operationalJoplin City computer issues now cybersecurity investigation)

(8/5/21) The City of Joplin is responding to a recent cybersecurity incident that began on July 7, 2021.  The incident impacted the City’s computer system and caused a temporary outage affecting phones, computers servers, and online applications. Upon learning of the incident, the City immediately isolated the impacted systems, contacted law enforcement, and launched an investigation. The investigation is ongoing, but so far, determined the incident was due to ransomware.

The City is approaching this situation with the utmost seriousness, and third-party cybersecurity firms are engaged to assist in the investigation and remediation efforts – including local IT company, Stronghold Data. The City has been working with these third-party cybersecurity experts to secure the City’s network and resume critical operations as quickly as possible.

To date, the City has restored nearly every system and the associated data needed to resume normal operations, including the City’s COVID Dashboard, online utility payments and court functions. The City continues to work diligently to restore its vital records system (birth and death records) and graphic information system (GIS) as quickly and as safely as possible.

The City also engaged a third-party IT forensics firm to conduct a thorough investigation to determine the scope of the incident, including what – if any – data may have been accessed by the unauthorized actor. This investigation into who and what specific information may be involved is ongoing, involves a manual document review process and may take an extended period of time to complete. Upon the conclusion of this review, the City is committed to notifying involved individuals in accordance with applicable law and providing resources to help those individuals protect their information.

The City takes seriously its commitment to safeguard the sensitive data in its care. Because of that commitment, the City exhausted all efforts, including authorizing payment of $320,000 to the unauthorized individual responsible for the incident, to prevent that sensitive data from being exposed. This payment is covered by the City’s cyber insurance policy. Additional specific information about the incident will not be disclosed at this time as it could jeopardize the integrity of the investigation and also expose the City to future risk and attacks.

As the investigation moves forward, City staff is working to identify additional technology and services to help prevent these types of events from occurring in the future. As cybersecurity threats continue to evolve and impact organizations across sectors, the City encourages residents and businesses to take steps to protect their systems and information to limit their own exposure to these types of events.