The Minneapolis Park and Recreation Board’s (MPRB) phone lines continue to be down after its technology systems were attacked nearly three weeks ago on Nov. 20.
Temporary phone lines were created for the public to contact customer service, park police and forestry departments while the MPRB’s staff tried to fix the issue. The public should call 911 if park police or Minneapolis police response is needed and can reach out to the MPRB info email to reach other departments.
The MPRB is not providing interviews, said MPRB spokesperson Robin Smothers, but sent a press release that said these types of cyber-attacks are common in both private and public sectors and appreciates the public’s patience as the board works on the issue.
Rozin Security President Michael Rozin, who is also a University of Minnesota Technological Leadership Institute faculty member, said MPRB got hit by a ransomware attack by a group called RansomHub which is claiming responsibility for it.
Ransomware is when a person or persons hack into a system and then demand the company pay them to return the hacked system or data.
Ransomware groups can get access by sending a corrupted link and hoping someone downloads it, said Security Technologies faculty member at the University Shawn Abelson. Once the group is inside, they check for vulnerabilities within the system.
“If they find that the phone servers don’t have backups and that they’re very insecure, once they’re inside the network, there’s no passwords, then they might target that just because it’s the most vulnerable thing on the network,” Abelson said.
Abelson said some ways companies can protect themselves from these attacks are regularly installing updates, changing default credentials, educating employees on ransomware tactics and testing their own security.
“Testing your own security is essential,” Abelson said. “This takes a long, many, many months to do this, but those steps allow you to uncover vulnerabilities that you didn’t otherwise know about and fix them before a real bad guy shows up at your doorstep.”
Due to the MPRB’s phone lines still not functioning, Rozin said he speculates that their response plan may not be up to date. If the vendors the MPRB are using to fix the systems are busy, it may take until January to fix, Rozin added.
“Security is often one of those things that companies don’t need until there’s a major incident,” Rozin said.
Abelson agreed with Rozin and said most companies would rather deal with the repercussions than put money into preventing the attack in the first place, as prevention is difficult.
“To increase their resilience, and this is what I believe the Parks and Rec Board already did, have a plan, they have alternative phone numbers up and running for the police or the Park Board,” Abelson said. “It’s not a matter of if you get hacked, it’s a matter of when, and at this point, most companies should have a plan for what to do if some of their critical infrastructure gets taken down.”
The MPRB’s temporary phone numbers are:
Customer Service: 612-491-9099
Park Police: 612-499-9323
Forestry: 612-491-9089