Cleveland City Hall – $25 Your attempt to get a construction permit takes longer than expected as the application must be made in-person, between the hours of 2 to 3:17 p.m. on a first or third Tuesday of the month, and completed in calligraphy. Lose a turn as a penalty. Credit: Scene Archives
More than a week has passed since, on June 10, Cleveland’s City Hall shut down due to a “cyber incident” that it recently unveiled was a ransomware attack.

In its wake, a city stilted. While work continues, albeit slowly and without complete access to the internet at City Hall, it remains closed to the public. Birth certificates for child custody cases or public housing applications left desperate Clevelanders out of luck, as Ideastream reported. Staffers have reported feeling like going back in time to the 1980s, when paper ruled everything.

And there’s no sense when City Hall will reopen, when systems will be fully restored, and if Cleveland is negotiating with the hackers to possibly pay the ransom.

“We have our entire team focused on mitigating this threat,” Mayor Justin Bibb said at a press conference last week. “And ensuring that, to the best of our ability, city resident data is protected.” The city has been tight-lipped otherwise.

Ransomware attacks, when hackers hold mounds of private data or servers hostage for large sums, often result in attackers collecting, through an “open door” in an internal network, sensitive info—Social Security numbers, home addresses, credit card data. Hackers typically encrypt necessary files and folders until a ransom payment is made. At least in most cases.

That is, of course, if the city kowtows to such a ransom. Some cities have refused to pay and instead rebuilt systems. Others have likely paid the ransoms while also doing diligence to protect servers. In either case, the financial hit could be sizable. Ransoms asking more than $5 million have grown in recent years, and even if the city doesn’t pony up, it’s still likely paying vendors to address the situation and incurring other costs that could rise to the millions.

In a statement Friday, City Hall said its IT Department is partnering with the Ohio National Guard’s Cyber Reserve Unit and the FBI in order to determine both the extent of and the source of last week’s attack. As of Tuesday, City Hall was still shut down despite an original intention to open last Wednesday, June 12.

“The nature of the attack is still under investigation while we work to restore and recover our systems,” the statement read. “At this time, we cannot disclose anything further. While the threat as been identified and contained, this continues to be a sensitive and ongoing matter.”

Cyberattacks of this nature have been rising in the past four years, experts say, mostly due to the wide availability of ransomware tools and the relative ease of use compared to a decade ago. City Hall, in its statement, claimed ransomware attacks “have increased by 50-plus percent” since January, though did not include a source for that factoid.

The losses are often significant. A recent FBI report totaled 3,729 ransomware complaints over the past year, leading to an estimated $49 million in damages.

And, as Jeff Brancato, the head of the Northeast Ohio Cyber Consortium, told Scene, such attacks don’t discriminate by size or institution. In the past year, hackers have targeted the Seattle Public Library, the Cleveland Public Diocese, the Ohio Lottery. Just last month, a similar attack on two hospitals in London led to the discarding of hundreds of blood samples, delayed cancer treatments and C-sections.

On May 3, the city of Wichita, Kans., was hacked by a group called LockBit, who reportedly obtained city workers’ names, Social Security numbers, driver’s licenses and credit card information. As of today, the city’s still reeling from the attack. (It still relies on cash, check and money orders for some bill payments.)

“One of the things to remember is that this could happen to any organization, large or small, public or private,” Brancato said on Monday. “Everybody is vulnerable; you don’t have to be a brand name or bold face name.”

As for how much exactly City Hall could pay if they succumb to the hackers’ demands, Brancato was unwilling to give a price. Because Bibb enlisted the FBI, it’s clear the investigation involves a financial demand, which may end in the hackers being caught. (Or not.)

“The typical understanding around ransomware: they want as much money as they can get,” he said.

The city of Cleveland is self-insured, and doesn’t have coverage for this kind of attack.

Recovery can take weeks, or even months, and the tab can climb: Baltimore spent $18 million in recovery expenses after a ransomware attack, the Baltimore Sun reported.

Brancato advised Clevelanders who may have information comprised to use multi-factor authentication in high stakes realms, like online banking and email accounts. Change your passwords often, and vary them, he added. “And just be mindful and aware in general of who has your data,” he said.

City Hall said that essential city services—waste, power, water, safety, the airport—are “functioning and operating normally.”

Clevelanders can use a portal on the website of the Ohio Department of Health to get birth and death certificates, or head over to Parma and Lakewood city halls for the time being.

Subscribe to Cleveland Scene newsletters.

Follow us: Google News | NewsBreak | Reddit | Instagram | Facebook | Twitter

Related Stories

This article appears in Best of Cleveland 2024.

Mark Oprea is a staff writer at Scene. He's covered Cleveland for the past decade, and has contributed to TIME, NPR, Narratively, the Pacific Standard and the Cleveland Magazine. He's the winner of two Press Club awards.