Cyber Incident Victim: City of Keizer

Date: Jun 2020

Location: United States of America

Summary

The City of Keizer experienced a ransomware attack compromising its computer systems, requiring a $48,000 payment to regain access to encrypted data. While the hackers successfully extorted payment, subsequent investigations found no evidence that sensitive information was accessed or misused during the breach.

Description

On June 10, 2020, the City of Keizer, Oregon, experienced a significant cybersecurity incident when unauthorized actors compromised its computer systems. The attackers deployed ransomware, encrypting city data and demanding payment for its release. City officials confirmed the breach occurred on Wednesday, June 10, though the exact timing and initial attack vector were not publicly disclosed. Faced with operational paralysis and an inability to access critical systems, the city negotiated with the perpetrators and ultimately paid a $48,000 ransom to regain control of its encrypted data. The payment facilitated the restoration of system access, allowing municipal operations to resume. No evidence indicated data exfiltration or theft during the intrusion. The incident caused temporary disruption to city services, though specific departments or functions affected were not detailed in available reports. Law enforcement and cybersecurity professionals were engaged to investigate the breach, but no attribution to specific threat actors or groups was provided. The ransom payment decision reflected the city’s assessment of operational necessity amid limited recovery alternatives.

Following the ransomware payment, city officials conducted forensic reviews to evaluate the scope and impact of the attack. Their analysis concluded that no sensitive data—including resident information, employee records, or financial documents—had been accessed or misused by the attackers. The breach primarily resulted in operational downtime and financial loss from the ransom payment, with no secondary compromises identified. The city did not publicly disclose whether backups or other contingency measures were available to mitigate the attack’s effects. Recovery efforts focused on restoring system functionality and reinforcing security protocols, though specific technical countermeasures implemented post-incident were not enumerated. The $48,000 ransom expenditure represented a direct financial impact, though indirect costs related to investigation, remediation, and potential system hardening remained unquantified in public statements. The incident underscored vulnerabilities in municipal infrastructure but did not trigger reports of prolonged service interruptions or legal consequences at the time of disclosure.
