Cyber Incident Victim: City of Coeur d'Alene

Date: Feb 2024

Location: United States of America

Summary

The City of Coeur d'Alene experienced a cyberattack involving malware that disrupted its website and landline communications for multiple days; emergency services remained operational. The incident prompted the city to take affected systems offline while collaborating with cybersecurity consultants to secure and restore services, though potential compromise of citizen data remained unconfirmed. Experts cited phishing attempts or exposed credentials as common entry points for such breaches, noting that ransomware attacks often involve data exfiltration, system encryption, and demands for cryptocurrency payments. Response efforts focused on containment, forensic analysis, and leveraging backups for restoration, with plans to implement enhanced security measures and training to mitigate future risks.

Description

On February 11, 2024, the City of Coeur d’Alene discovered malware within its computer network, prompting an immediate response to contain the cyberattack. By Wednesday, February 14, emergency services had resumed normal operations, though the city’s public website and landline telephone systems remained offline for three consecutive days as restoration efforts continued. The city issued a press release through its police department confirming that the cyberattack disrupted standard communication channels but did not specify the exact nature or origin of the malware. Out of caution, affected systems were taken offline to secure and restore services safely. The city engaged national cybersecurity and data forensics consultants to investigate the breach and assist with recovery. No public statements confirmed whether citizen data stored on the network was compromised, leaving potential privacy impacts unresolved. Idaho state law mandates that public agencies report security breaches to the Attorney General’s Office within 24 hours of discovery, but compliance status regarding this incident was not disclosed.

The incident response focused on containment, system preservation, and service restoration, with no disclosed timeline for full recovery. Consultants worked to identify the attack vector and scope of network infiltration, though the city withheld details on whether ransomware or data exfiltration occurred. Malware, as defined in the city’s statement, encompasses viruses, worms, ransomware, and spyware capable of data theft, encryption, or system hijacking. The disruption to landlines and online services persisted through the initial three-day period, indicating significant system isolation measures. Ongoing coordination with external experts aimed to implement enhanced security protocols and prevent recurrence, though no specifics on password changes, training updates, or infrastructure modifications were provided. The city maintained limited public communication, emphasizing operational continuity for critical services while deferring broader commentary on attack attribution or long-term mitigation strategies.
