Updated January 9, 2020, 8.30am BST with details.
The City of Las Vegas has contained a cyber breach, officials say, after hackers compromised systems, causing some initial service outages.
The attack was first flagged at 4:30 a.m. PST Tuesday January 8.
City officials say they do not believe public data had been accessed. The precise nature of the attack and/or malware payload has not been disclosed.
In an update posted 12 hours after the initial attack was reported, the city said: “We have resumed full operations with all data systems functioning as normal.
“Thanks to our software security systems and fast action by our IT staff, we were fortunate to avoid what had the potential to be a devastating situation.”
Las Vegas Hacked: Details Still Emerging
In an earlier comment, Vegas officials hinted at a nascent ransomware attack, saying: “People interfacing with the city may experience brief interruptions of service, but so far those interruptions have been minimal.”
City spokesman David Riggleman told the Las Vegas Review that the city faces about 279,000 attempts to breach its computer systems every month.
Quick reactions and more robust network segmentation and security systems appear to have helped Las Vegas avoid suffering the kind of incident that has recently befallen New Orleans — which was forced to declare a state of emergency — and Florida’s Pensacola: both among the US cities hit by cybercriminals in recent months.
Nearly 1,000 US government agencies, educational establishments and healthcare providers were hit by ransomware attacks in 2019.
Security firm Emsisoft says it has tracked successful attacks on 103 federal, state and municipal governments and agencies in 2019.
The New Zealand-based cybersecurity firm pointed to a report issued by the State Auditor of Mississippi in October 2019 that damns a “disregard for cybersecurity in state government,” with many state entities “operating like state and federal cybersecurity laws do not apply to them”.
That report found that many state government bodies do not have a security policy plan or disaster recovery plan in place; are not performing legally mandated risk assessments and are not encrypting sensitive information.
Security experts say comprehensive data backups are crucial to recovery in the event of a ransomware attack. As Aron Brand, CTO at Israel’s CTERA puts it crisply: “Make sure all of your data is reliably backed up and physically separated from the main dataset, with backup versions in a read-only repository. In the event of an attack, you can rollback to an uninfected file version and be up and running quickly.”
He adds: “If your data is outside your firewall, it must be encrypted. Keys should be generated and managed internally by trusted individuals, separate from any third-party service to ensure total data privacy.”