Date: 2022-03-15

AMARILLO, Texas (KAMR/KCIT) — An investigation is underway after a cyberattack caused the City of Amarillo to shut down some external connections over the weekend.

The City said on Sunday they identified the attack early and there was no data breach.

Rich Gagnon, the City of Amarillo’s public information officer, said they saw the signs of an attack on one of the IT systems at about noon on Friday, March 11.

“We shut down our external connections by two o’clock once we verified, ‘Okay this is out of the ordinary,’ because time is of the essence. Right?” said Gagnon. “If we had been wrong and not isolated it and stayed open, it could have been much worse.”

According to Gagnon, the City takes hundreds of millions of cyberattacks each year, including more than a million emails with malware attached.

“This was a fairly sophisticated approach and the truth is, the reason we caught it is because we monitor so heavily,” said Gagnon.

He said the attack was on an IT infrastructure piece, not on a server that holds information.

“So none of our data was at risk, which is all encrypted at rest, which means even if you could see it, you couldn’t read it. But it wasn’t any of those systems,” he said. “So like, think switches and routers and those kinds of things. But we wanted to err on the side of caution because as I said, we were 90% sure from the start that we had we caught this thing and quickly isolated it, but you can’t afford to be wrong, not in today’s world.”

Gagnon said the cyberattack was what is called a “zero-day” attack.

“A zero-day attack is a new way to attack a piece of equipment where there’s not a patch for it yet,” said Gagnon. “So, in other words, it’s so new that the manufacturer has not provided an update to the software to close that gap.”

The good news—Gagnon said no damage was done.

“The minute we have an incident like this, I report it to the Criminal Justice Information System…I always bring in an outside incident team so that’s not City of Amarillo staff,” said Gagnon. “I have outside agencies that are looking at this and they’re also assuring us that we did catch it. We didn’t get compromised. We didn’t have ransomware. We had no data escape.”

Gagnon said they do not yet know where the attack came from.

“We have some early indicators. I can’t share those because we’re still doing the forensics but by the end of it? Yeah, we’ll know where and we’ll know who.”

Some services were affected over the weekend after the City shut down external connections. Amarillo Police had to do reports manually as a precaution and the City’s email system was down.

Gagnon said things were back to normal on Tuesday.