DENVER — Multiple municipal services are down following a ransomware attack that forced the city of Lafayette to pay hackers $45,000, according to a news release distributed Tuesday.
“I can tell you that using taxpayer funds to pay a ransom was definitely not the avenue the city wanted to take,” Mayor Jamie Harkins said in a video statement.
The attack happened during the early morning hours of July 27, according to the city. It disrupted phone service, emails and online payment systems, but did not extend to 911 and other emergency services.
The ransomware is believed to have either entered the city through a phishing scam or “brute force,” the city said.
Multiple neighboring jurisdictions as well as the State Office of Information Technology jumped in to assist, and as of this writing, system servers and computers are being cleaned and rebuilt.
There is no timeline for when city services will be back up and running.
“There is no evidence to suggest personal data was compromised, but out of an abundance of caution residents and employees are cautioned to be diligent,” Harkins said.
Harkins said the city didn’t come clean about the ransomware attack when it happened last week as part of a strategic decision during its negotiations with hackers. Officials ultimately decided it would be cheaper and faster to pay the ransom than to do something else to restore services.
The money came from the city's general fund, spokesperson Debbie Wilmot said. Due to COVID-19 budget shortfalls, the city was offering voluntary furloughs to staff and initiated a freeze on hiring temporary, seasonably employees.
“Our city unfortunately encountered something that an increasing number of agencies are dealing with,” Harkins said.
This is true. Last August, a ransomware attack at Regis University impacted 1,800 computers on campus and crippled its network. A university spokesperson confirmed that officials agreed to pay a ransom, but wouldn’t say how much.
The Colorado Department of Transportation (CDOT) was also the victim of a ransomware attack. In this case, the two hackers tried to get the agency to pay in Bitcoin.
Two men from Iran were indicted in this particular attack, which also targeted public agencies around the country.
And in Erie, a town employee resigned after accidentally sending $1 million to scammers posing as the construction company behind a bridge project.
SUGGESTED VIDEOS: Local stories from 9NEWS