Oak Brook was the target of a recent organized cybersecurity attack, which appears to have originated in Iran and included a ransom demand.
“The attacker made a ransom demand, which the village has refused to succumb to,” Village Manager Greg Summers said of the June 19 incident. “Our early alert system, swift action, and extensive network of backups provided the necessary measures to secure our data and restore any encrypted files.”
He said the village is not aware of any evidence of any customer or employee data being compromised or misused as a result of the situation.
Summers said village staff took immediate action, suspending all affected systems to isolate the attack, notifying authorities and activating a network of information technology, cyber defense, and legal professionals, including a third-party forensic team to resolve the situation.
“The village employs several network monitoring systems, which are constantly scanning for illicit network activity,” Summers said. “Just as designed, those systems identified the threat activity and notified Information Technology staff immediately.”
Summers said computer system forensic analysis identified failed attempts to access the village’s systems on June 18, but no breaches occurred until the early morning hours of June 19. He said that for security reasons, the nature of the initial breach is not being identified by village staff or officials.
Due to extensive forward planning and a number of backup systems in place, no data was lost as a result of the breach, Summers said.
“The attacker was able to initiate some data encryption, but early alerts and swift action from Information Technology staff largely thwarted this effort,” he said, adding that backup data files were used to recover any encrypted data.
“All delays in village systems have been a result of both data restoration and hardening of defense mechanisms prior to placing systems back online,” Summers said. “There was no data loss and all village systems have been brought back online, but are being periodically brought up and down for analysis and updates.”
Summers said based on a thorough evaluation of the village’s computer system, there is no evidence at this time that any customer or employee data was compromised or misused as a result of this cyberattack.
“Affirmative defensive actions and new security measures have already been taken to eliminate the exploit point of access and all systems are being strengthened even further,” he said.
Village Board member Michael Manzo gave kudos to Summers and Oak Brook’s IT department for a job well done in response to the cybersecurity attack.
“The leadership from the village manager was outstanding, with daily meetings with department heads and daily updates to all elected officials,” Manzo said. “The IT department, in particular, needs to be complimented, especially (information technology assistant director) Ejaz Khan, who acted immediately, as soon as he learned there was a problem.”
Chuck Fieldman is a freelance reporter for Pioneer Press.