Cyber Incident Victim: City of West Jordan
Date: Jun 2023
Location: United States of America
Summary
West Jordan City was hit by a cyber-attack where hackers demanded a ransom of several hundred thousand dollars, which the city did not pay. The attack disrupted the city's phone system and online services, causing a delay in utility billing, but vital services like public safety and water were unaffected. The city stated that no resident financial or sensitive information was retained on its compromised systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In or around June 2023, the City of West Jordan, Utah, experienced a significant cyber-attack that targeted its information technology infrastructure. The incident involved attackers infiltrating the city's systems and subsequently demanding a ransom of several hundred thousand dollars in exchange for restoring access. This demand was not met, as city officials decided not to pay the ransom to the cyber criminals responsible for the attack. The city's response was supported by its possession of cyber security insurance, which provided a financial safety net for such incidents, though the specific details of the insurance coverage were not disclosed. The primary impact of the attack was the disruption of the city's operational technology, leading to immediate outages that affected internal and public-facing services.

The cyber security incident caused a direct outage of the city’s phone system, rendering official phone lines inoperable for a period of time. Furthermore, certain online services provided by the city to its residents were also taken offline and became inaccessible due to the compromise of the underlying IT infrastructure. Despite these disruptions, the attack was contained in a manner that prevented any impact on vital city services that are critical for public safety and health. Specifically, public safety dispatch and emergency response operations continued to function without interruption, ensuring that police and fire services were fully operational throughout the incident. The delivery of safe drinking water was also maintained without any compromise to its safety or availability, and city functions such as permitting and inspections proceeded as normal.
A notable consequence of the system outages was a delay in the city's ability to generate and distribute utility bills to its residents. The billing system was among the services affected by the attack, causing a postponement in the issuance of bills that would have normally been sent out in a timely manner. To address this issue and mitigate the inconvenience to residents, the city implemented measures to extend payment deadlines and proactively waived any late fees that would have accrued due to the delayed billing cycle. The city communicated that residents would receive both their June and July utility bills within a short window of time once the systems were restored and the billing process could resume normally. This approach was designed to prevent financial penalty to residents for a situation that was beyond their control.
In the aftermath of the attack, the City of West Jordan issued a public statement to inform the community about the nature of the incident and the steps being taken in response. The city emphasized its commitment to protecting the data entrusted to it by residents and customers, stating that protecting this information was of the utmost importance. A key point communicated was that the city’s systems do not retain any financial or sensitive information about residents, which limited the potential for data theft or exposure of personal details. The statement expressed relative confidence that all personally identifiable information remained secure throughout the incident, indicating that no evidence suggested a data breach had occurred.
The city administration undertook a proactive communication strategy by sending out a direct email to residents within a week of the incident occurring. This email served to notify the public about the cyber-attack, provide initial details on the impacted services, and outline the temporary measures being put in place, such as the utility bill extensions. This rapid communication was part of the city's effort to maintain transparency with its residents and keep them informed about the disruptions to city services. The restoration efforts were undertaken with the assistance of an external cybersecurity firm, which was engaged to help investigate the attack, mitigate the damage, and restore the affected systems to full functionality. At the time of the public reporting, there was no specific indication provided by the city regarding when the restoration process would be fully completed, suggesting the complexity of the recovery operation. The incident underscores the ongoing challenges that municipal governments face from cyber threats and the importance of having response plans and insurance in place to manage such events without yielding to extortion demands.
