Cyberattack on Gondomar town hall “largest on public institution in Portugal”

Council forced to fork out €1.5 million restoring system

The mayor of Gondomar has revealed that the cyber-attack the municipality suffered in September was the “largest on a public institution” in Portugal so far, and has already cost €1.5 million.

In an interview with State news agency Lusa, PS Socialist mayor Marco Martins, was quoting the National Cybersecurity Centre when he referred to the dimension of the attack.

He said of the intrusion suffered in the early hours of September 27: “We have spent between €1.4 and €1.5 million on investments that have already been made and others that are planned, for example on reinforcing security (in which) we’ve bought more than 700 discs and services (…). Outside of this are the accumulated losses from days and days of downtime, because then we’re talking about many millions of euros in losses,” he said.

The alert sounded at 05:38 on that last Wednesday in September, and the effects of the attack continue to be felt.

According to Martins “normality should only be restored by the end of the year“.

He explained that once the “priority” of restoring service and normality had been achieved, “exhaustive work followed to recover 900 computers that work on the network, which involved changing discs, installing operating systems, software and applications.

“Almost all of the machines are now operational, around 90%, but there are online services that are still affected and cannot yet be made operational,” he admitted.

Asked about rumours that the hackers had been “infiltrating the municipality’s system for over a year“, Marco Martins was hazy:

“The experts say that our system was robust, but we were still attacked. On average we suffer 21 attacks a month and this attack was more sophisticated and the system couldn’t resist”.

Once authorities had been alerted, the solution was to hire “a private company linked to the Altice group” to help “recover the data, what was encrypted”, which has “largely” been achieved even though the council still needs “to use a parallel system to serve the public”.

“There is no final report yet, but the information we have from the authorities is that the attack came from a Russian server” he said, and that the “ransom demand totalled €750,000″.

The ransom however, was not paid – for three reasons.

“Firstly because we were advised by the authorities not to”, explained Martins.

“Secondly because there was no guarantee that the data would be recovered, and thirdly because, as we are a public service, we couldn’t open a public tender to pay for it”.

Revealing that there are “many projects, submitted by residents and by the council, that have been affected”, Marco Martins hopes that with the start this month of an external audit to determine responsibility for the attack , “more answers” about what happened on September 27 will emerge.

“They say there had been entries into our system for a long time. Experts say the aim was to stop the camera. Much more than extorting money or stealing data, the attack was aimed at paralysing the town council. It’s being investigated,” he assured.

Martins also revealed that it was this crisis that caused the first use of the Municipal Relief Operations Centre, inaugurated on March 25, “not a fire or a storm, but a computer crisis, something that had never been imagined”.

The mayor did not go into other consequences of the attack, which – according to earlier reports – left much of the stolen data “exposed on the dark web”, and for sale.

Jornal de Notícias reported that the hackers published all kinds of sensitive information, including citizens cards, passports “even a list of City Hall investment numbers”, while town hall business had to return to the practice of processing everything on paper.

Source material: LUSA/ ezpublish-france.fr