MIDDLETOWN, Ohio — Two weeks have passed since Middletown city services were disrupted by a cybersecurity incident, and one local security expert said it likely involves a ransom request.
Richard Harknett, director of UC’s Center for Cyber Strategy and Policy and co-director of the Ohio Cyber Range Institute, said it was likely a ransomware attack.
“From the reporting that I have seen, it seems like a classic ... ransomware, encryption type attack,” Harknett said.
The most likely scenario, he said, is that a “criminal gang” went in and encrypted systems, leading to the system itself being locked.
Harknett said organizations rolling out these attacks are “sophisticated,” sometimes including an encryption and a negotiation team. These teams will then ask for ransom funds in exchange for the “encryption key” to unlock the systems.
Alex Hamerstone, an Advisory Solutions Director at TrustedSec, said these ransomware incidents are “extremely common.”
“Municipalities are a huge target for them,” he said.
Middletown is the third Butler County government that has been affected by a cyberattack this year. Liberty and West Chester Twp. governments were impacted most recently.
The governments are hit because many do not have the budget or staff for best practice cybersecurity programs, according to Hamerstone.
Harknett added Middletown’s lack of specific details regarding the incident is “not unusual.”
“The general advice from FBI and other law enforcement agencies is to not talk publicly about this,” he said.
Though, he said, this practice is “very frustrating for the public.”
Hamerstone said municipalities have a “higher obligation” to communicate with their residents, but said many do not want to put out incorrect information or may not have all of the information.
Moving forward, there are ways for local governments to protect themselves from cybersecurity attacks, according to Harknett.
The Ohio Persistent Cyber Improvement Program for Local Governments is a free program offering cybersecurity training.
The program includes three cybersecurity preparedness levels, with each level consisting of education, training, exercising, mentoring and improvement. It started last year through a federal grant for situations exactly like those many local governments and entities have faced this year.
Cybersecurity incidents in Butler County
Tuesday morning, West Chester Twp. was notified of a cybersecurity issue involving its network that targeted its central email service.
It is the township’s second such incident this month, with the first occurring Aug. 12. The first attack was isolated and contained, the township said in a statement.
The township’s email is down and some other functions are not working, Brianna Wooten, township spokeswoman, said, declining to elaborate further while the investigation is continuing.
Liberty Twp. is also working with law enforcement and consultants to investigate a May 5 ransomware attack. Last month, letters went out to about 600 individuals — mostly employees — whose personal information may have been compromised. They are being offered identity theft and credit monitoring services for 12 months, said Caroline McKinney, township administrator.
How can citizens pay bills, access services and contact city staff?
Middletown provided an update Wednesday on the incident, informing citizens of services currently available at the city building.
Payment windows in the city building lobby are open, but account information cannot be accessed and new utility accounts cannot be opened.
The income tax office is also now open and accepting payments, though account information cannot be accessed.
Email, phone and website services remain unavailable.
Utility billing invoices can still be paid online through InvoiceCloud, though there is a credit card charge.
Middletown Municipal Court is running on its normal schedule, and anyone with a pending court case should report as scheduled. In-person services for court administration; criminal and traffic ticket payment; and clerk of courts and warrants are open.
All services have resumed at the Middletown Health Department, including birth and death certificates and inspections.
It is open to the public for in-person services 8 a.m. to 5 p.m. Monday-Friday at the city building.
Citizens needing to contact certain services can call established secondary phone lines:
Middletown Police (non-emergency): 513-425-7701. Those experiencing a criminal or medical emergency should call 911.
Middletown Health Department: 877-774-4636
Code enforcement: 513-635-2331
Building inspection/zoning: 513-760-8455
Middletown Regional Airport: 513-236-3238
The Event Center of Middletown: 513-567-0788
What happened
The city has not commented on the cause of the cybersecurity incident or what information was accessed, though on Aug. 22, preliminary findings were released, stating some “city employee information may have been affected.”
“City staff are being informed of this development and advised on security measures that can be taken to protect their information moving forward,” a city statement read.
In its Wednesday update, the city said it is in the “forensics phase” of the cybersecurity investigation and is “working diligently to restore full operations as soon as possible.”
The city did not give clarification on what type of employee data may have been accessed.
The cause of the incident and what information was accessed remain under investigation by local, state and federal agencies.
Writer Sue Kieswetter contributed to this report.