Above: Town Manager Andrew Nota gives the Town Council a report on the Dec. 5 ransomware attack on the town.

By Elizabeth F. McNamara

Last week’s ransomware attack wasn’t on the Town Council’s agenda Monday night, but recognizing it was foremost on people’s minds the Town Council voted to include a report on it from Town Manager Andrew Nota.

The attack hit around 4 p.m. Thursday, Nota said, which proved fortunate, since most of the town’s 19 servers had been backed up just an hour earlier, at 3 p.m. 

“That’s quite a bargaining chip when we have protected that information offsite and our exposure was really limited in most of these cases to just an hour or two and the limited number of transactions that would have occurred during that time period,” Nota said.

He said IT staff (director Wendy Schmidle and network administrator Matt Whetzel) were hearing about abnormal activity systemwide Thursday, at locations all over town. Within minutes, Schmidle decided to shut down all systems.

“I would attribute that timely decision to thwarting a really significant level of disruption,” Nota said. Still, about three-quarters of the town’s systems were impacted by the attack.

While the town has insurance against breaches of this sort, the deductible is $50,000, so they have not yet decided whether or not to file a claim. The town has hired ePlus, a national technology company, and over the weekend they had extra help to look at all the town’s computers. 

“What was initially thought was a limited impact on our servers and many of our desktops was later found there were random infections on desktops in various departments all over the community,” Nota said. If they’d gone undetected, any one of those computers could have reinfected the system. 

“Although it’s been inconvenient for a few days, we were very fortunate to have the weekend to catch up,” he said. “I have great confidence in the steps that have been taken thus far but again we’re far from finished. We’re in the process of a system-wide review.”

Nota spoke with gratitude of Schmidle and Whetzel. 

“I can say, we were critically disrupted. Our system was critically disrupted … but it could have been far worse,” he said. “The reason it wasn’t worse was really the actions of the staff we had on hand. I can honestly say they take the job extremely seriously and they take it personally in terms of their defensiveness of the system.”

He added, “The team … was there from morning til night working with individuals from throughout the New England area to be able to put our core systems online. The effort put in, the decision-making that occurred, was far beyond my expectations.” 

As for what triggered the attack, Nota said that investigation would have to wait until after this critical phase was over. 

Acknowledging it could have been as simple as one employee clicking on the wrong email link, he said going forward the town would be working to better prepare employees about possible threats.

“We’re going to engage in more significant staff training to better understand the nuances of the new threats that are out there.”

Value the news you get here on East Greenwich News? Consider supporting it by becoming a sustaining member or making a donation! We are a tax exempt 501(c)(3) organization dedicated to keeping East Greenwich a well-informed community but we need reader support! Click on the Donate button below or send a check to EG News, 18 Prospect St., East Greenwich, RI 02818. Thank you.