
Clearfield target of ransomware attack; official says city now ‘up and running’

By Tim Vandenack, Standard-Examiner | Jul 21, 2021

The Clearfield Municipal and Justice Center is pictured Wednesday, July 21, 2021.

CLEARFIELD — The City of Clearfield’s computer system was the target of a ransomware attack, which prompted the city to turn off the network for much of last week to minimize the potential impact.

The unknown hackers have asked for a ransom “in the millions” of dollars to unlock access to the system. But J.J. Allen, Clearfield’s city manager, says the Davis County city is taking steps to get around the hack, hasn’t paid any money and may end up paying nothing. Either way, it’s a point of concern and the cyberattack put a big dent in city operations last week.

“Our phones were down all of last week. We had no internet. All of our systems were down. It was a rough week,” Allen said.

The city’s information technology staffers discovered the attack on July 11 and the city’s computer systems were subsequently shut down in response. The city is recovering data from backup systems managed separately from the main network and Allen said city operations started going back to normal late last week. As of Tuesday, he said the city was “back up and running” and he praised the “heroic efforts from our IT people.”

Even so, officials are still trying to pinpoint the extent of the infiltration, how it occurred, who may be behind it and what data, precisely, may be compromised. “That is still being investigated and analyzed,” Allen said.

In a statement on Wednesday, Mayor Mark Shepherd said the quick reaction of IT staffers “prevented this event from becoming an absolute disaster.” He also emphasized that city residents’ financial data was not compromised, which factored into the decision not to talk publicly about the matter until now, as word has seeped out.

“We are still in the middle of a negotiation with those whom the investigators refer to as ‘actors.’ I prefer to call them pirates, terrorists or simply thieves. When you are in the process of negotiating, the last thing you want is to show your cards or to show weakness,” Shepherd said.

Randy Boyle, a professor of management information systems at Weber State and a Fulbright scholar, said the Clearfield attack has the hallmarks of cyberattacks that have increasingly been occurring around the country and world. The University of Utah’s College of Social and Behavioral Science was the target of a ransomware attack last year. Colonial Pipeline, which operates an oil pipeline on the East Coast, was the target of a cyberattack last May, garnering headlines across the country after the firm temporarily closed its pipeline in response, causing fuel shortages in some areas.

“They’ve been happening all over the United States,” said Boyle, an expert in such matters.

Ransomware attacks typically come from hackers based in Eastern Europe and China, Boyle said. Hackers will infect a computer network with a virus, blocking access to the system unless and until victims pay a ransom. Allen said hackers will also sometimes threaten to sell compromised data unless they get a payout from victims.

In Clearfield, Allen said the city doesn’t store the credit card or Social Security information of customers of city services on city computer systems, downplaying the possibility of a breach involving information from the general public. However, city staffers will likely be offered credit-monitoring services as a safeguard, he said.

At any rate, Boyle said hackers who carry out attacks like the Clearfield one are typically more interested in getting a big payout from a large, deep-pocketed entity. They’re not interested in going after individuals who likely wouldn’t have the same resources. In the University of Utah cyberattack last year, the university said it paid out $457,059.24 in ransom to the hackers.

“After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker. This was done as a proactive and preventive step to ensure information was not released on the internet,” the university said in a statement last year.

Colonial Pipeline paid $4.4 million in bitcoin in ransom money, though the U.S. Department of Justice was able to recover about $2.3 million of that, according to Vox.

Indeed, the more common victims in the recent past were large corporations. But as many businesses have beefed up their computer security, hackers — which can be criminal enterprises or even state actors — have increasingly targeted health organizations and governmental entities. Such organizations, Boyle said, “typically have weaker cybersecurity and they have the ability to pay large amounts of money.”

Shepherd said Clearfield has implemented changes to avoid a repeat cyberattack, even as it tries to figure out which data the hackers may have accessed. “While they do not have financial information from our residents, it is still possible they have information from our personnel files, police records (most of which are already public records) and such, but the further our investigators dig, the more hopeful we are that this is not the case,” he said.

Boyle doesn’t know how the Clearfield cyberattack may have occurred. But he said hackers can go to an entity’s website and send deceptive messages containing viruses to workers using emails found online to get into a system.

‘IT’S DEFINITELY CRIMINAL’

As a result of the cyberattack in Clearfield, city staffers for a time couldn’t process credit card payments for utility bills and could only take cash or checks, among many other impacts. Receipts were written by hand. “It hit us pretty hard,” Allen said.

Emergency dispatchers use a separate phone system that wasn’t impacted by the cyberattack, fortunately, and could still take calls.

Clearfield has insurance coverage that’s helping contend with the attack and the insurer is aiding in the investigation. The Federal Bureau of Investigation has been informed of the matter. “It’s definitely criminal,” Allen said.

Whatever the case, Boyle holds out little hope that the hackers will ever be prosecuted.

“Most of these people are overseas and there’s no way you’re going to punish them. They’re not going to be extradited,” he said. Many come from Russia, he said, and that country, in particular, generally prohibits extraditions.

