In 2018, Alaska’s second-largest municipal borough was hit by a ransomware attack unlike any cyberattack it had encountered before, and the incident drew international news coverage. The borough did not pay the ransom; instead, it took the entire system down and rebuilt it. Wostmann deployed a 5-member team over five months to provide immediate aid in responding to and recovering from the incident, helping minimize downtime and get the municipality back up and running. Wostmann provided project managers, software developers, technical support, and a cybersecurity consultant. Working with several local firms and internal staff, we identified and assigned tasks, managed a data and application recovery pipeline, coordinated network and computer work across 46 remote sites, recovered and redeployed scores of applications and databases, identified new anti-virus software, developed a new computer image, re-imaged over 500 computers, developed a standalone application to scan drives, thumb drives, and cameras, and flashed and reset electronic signboards.
Wostmann developed an information security program consisting of new security policies and procedures that incorporated security into IT operations such as change/patch management, user account administration, acceptable use, vulnerability testing, use of multi-factor authentication to identify staff and contractors for remote access, and use of encryption for data at rest and in transit. Secure coding practices and principles were shared via knowledge transfer with borough developers to improve the cybersecurity posture and reduce the attack surface of the municipality’s web-based collaboration platform.
Deliverables, as part of a team, included rapid response, redeployment of more than 500 computers and VoIP phones across 46 sites, recovering and redeploying more than 20 applications and databases, analyzing antivirus tools and assisting in deployment of the selected tool, building and deploying a custom application for scanning thumb drives, developing a security program and policies, and manually installing security and other software on more than 100 computers.