GRASS VALLEY (CBS13) – Cybercriminals recently struck the City of Grass Valley with a ransomware attack that has many asking questions.
Grass Valley isn’t the first city in the region to become targets, and likely won’t be the last. Though, it came as a surprise to some community members that the city decided to pay the attacker’s ransom.READ MORE: Two-Alarm Fire Burns Multiple Structures In Rio Linda
“I think everyone’s a target,” said Matthew Coulter, a Grass Valley local. He wasn’t thrilled to hear the city made the choice to pay up. “We’re not supposed to negotiate with terrorists – it emboldens them.”
CBS13 asked city officials why they paid the ransom instead of finding other ways out.
“It wasn’t a payment to make our systems operational,” said Grass Valley Police Chief Alex Gammelgard. “It was a payment to keep our victims from experiencing future victimization.”
City and emergency services were not impacted much, and some discretionary outages were temporarily put into place. But Gammelgard said the foreign attacks copied city data and put it at risk of release. That prompted privacy concerns for the entire town, and why they made the move to handle it with ransom money.
Cybersecurity expert and UC Davis professor Matt Bishop said it’s not as rare as you think.
“Because companies and governments feel the data is critical,” Bishop said.
Other local governments have been hit with ransomware attacks over the last few years, like the City of Galt and the City of Lodi. However, they didn’t pay up.READ MORE: Proposed Campground Expansion At Auburn State Recreation Area Draws Concern Over Wildfire Risk
Though there are questions surrounding whether or not smaller towns are easy targets? Bishop said he’s unsure, but explained why attackers may see the appeal.
“They may feel the security is not as strong and in particular,” Bishop said. “They don’t make backups.”
The City of Grass Valley wouldn’t release how much the ransom was that they paid, or how much their insurance policy is – concerned about another attack in the future. Though, they did say the city has a $50,000 deductible.
“We do not expect to take an uninsured loss,” said Michael Colantuono, Grass Valley’s city attorney.
Grass Valley officials claim they’ve taken further steps to protect them from future attacks. Still, concerned taxpayers like Coulter, don’t feel at ease.
“It’s the nature of the beast these days, I guess,” Coulter said. “It’s the taxpayers who pay for it, not city hall so for them it’s no big deal to pay it.”
Grass Valley officials said the Federal Bureau of Investigation was contacted. Several state agencies are still investigating who and what was behind this. Credit monitoring is available for anyone concerned if their personal data may have been breached.MORE NEWS: Fire Burning In Highway 160 Overpass Reveals Person Living Inside
To avoid any cyberattacks, Bishop says the most important thing to be aware of are ‘phishing’ emails. They may come from emails you seem to recognize, but could be pretending to be someone you know. He said always check the email addresses, and refrain from clicking any links you don’t recognize – referencing how one click could read to this chaos.