Foster City in California has been forced to declare a state of emergency following last week’s ransomware attack that disrupted multiple public services and possibly compromised residents’ personal information.

The City of Foster announced the ransomware attack on March 19, stating that its information technology staff detected the attack in the early hours of that day and are working with independent cyber security specialists to investigate the incident and remediate its fallout.
Foster City is located in San Mateo County, California, and is considered part of California’s Silicon Valley, being home to multiple technology giants and other major corporations. With a population of around 34,000, the city has a median household income of $163,322 and hosts a portion of the vital San Mateo Bridge which connects the San Francisco peninsula with East Bay.
In its press release, the city administration said the ransomware attack forced it to declare a state of emergency, as the attack disrupted almost every public service except for the critical 911 and police dispatch services. The state of emergency enables the City to receive supplementary financial support from outside agencies.
The City said the cyber attack may have compromised public information, and has advised those who have done business with the City to change their account passwords and take steps to protect their personal data.
“The public’s safety is our highest priority, so we encourage members of our community to take precautions that would best assure the security of their personal information,” said City Manager Stefan Chatwin.
“Foster City staff, with the assistance of outside cyber security experts, are working diligently to restore the integrity of the City’s system and ensure there are no further security issues impacting services to our community.”
In an update released the following day, Foster City said it has activated incident response protocols and started taking steps to contain the fallout of the ransomware attack. The City is now working with independent cyber security specialists to investigate the incident and has taken all of its computer systems offline to secure its network.
“Our 911 operations are up and running and our emergency response personnel are available to assist our community. City Hall remains open to the public, but limited services are available during this period,” the City said.
On March 24, the City said in a Facebook post that its network remained offline as it investigated and remediated the cyber security incident. The administration’s phone lines and email systems are experiencing disruption and staff are unable to make or receive calls or respond to emails at present.
“Why is the City keeping us in the dark about the extent of the ransomware attack and what recovery efforts are being made?” a user asked. “Can the city explain why $15,000 was cut from security audit and penetration testing and $23,000 cut from backup/cloud replication in the FY25-26 budget right before this hack occurred?”
The ransomware incident has kept the city’s services offline for a week, and these include the issuance of business licences, building permits, construction and demolition permits, approval of residential projects, transportation services, maintenance of parks and water storage systems, and recycling and garbage services.
At the time of reporting, no cyber criminal or nation state group has claimed responsibility for the ransomware attack on Foster City. The City has not mentioned whether it received a ransom note or whether it is communicating with the attackers.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543