Cyber Incident Victim: City of West Haven
Date: Oct 2018
Location: United States of America
Summary
The City of West Haven suffered a ransomware attack that encrypted 23 servers, prompting officials to pay a $2,000 ransom to restore access, after which the attackers decrypted the files. No data theft was confirmed, and the city began strengthening its network defenses to prevent recurrence. Concurrently, multiple government entities faced similar attacks, including disruptions to financial systems and non-military servers containing personnel information, with efforts focused on isolating affected systems and notifying impacted individuals.
Description
On October 16, 2018, the City of West Haven, Connecticut, experienced a ransomware attack that encrypted 23 of its servers. The attackers demanded payment to restore access, prompting the city to pay a $2,000 ransom described as a "one-time fee." The payment occurred shortly after the attack, and the cybercriminals subsequently decrypted the affected files. City officials confirmed no data exfiltration occurred during the incident, indicating that sensitive information was not removed from their systems. The attack disrupted municipal operations, though specific departmental impacts were not detailed in available reports. West Haven’s decision to pay the ransom aligned with immediate recovery objectives but highlighted vulnerabilities in its cybersecurity posture.

In response to the incident, West Haven initiated efforts to strengthen its network defenses to prevent future attacks. The city did not disclose whether backups were used during recovery or the exact duration of operational disruptions. No additional technical details about the ransomware variant or initial attack vector were released publicly. Concurrently, unrelated ransomware incidents affected the Indiana National Guard and Muscatine, Iowa, though no evidence suggested coordination between these events. West Haven’s transparency regarding the ransom payment contrasted with other entities’ more guarded disclosures, emphasizing the financial and operational pressures faced by municipalities during such crises. The city’s post-incident focus centered on infrastructure hardening without elaborating on specific security upgrades implemented.
