Arkansas City Water Treatement Facility Treturns to Regular Operations

The City of Arkansas City is pleased to announce that as of Dec. 18, 2024, the Water Treatment Facility has returned to regular operations following a comprehensive recovery process following a ransomware attack on September 22, 2024.
 

Overview of the Incident
On September 22, 2024, City of Arkansas City staff identified a ransomware attack targeting the Water Treatment Facility’s primary server. The attack, using a variant known as Hazard Ransomware from the MedusaLocker family, temporarily disrupted operations at the Water Treatment Facility. Thanks to backup systems and manual controls, water treatment services were maintained without interruption to residents.

Response and Investigation
Immediately following the incident, the City of Arkansas City sought assistance from Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI. Their support helped stabilize the situation and begin a thorough forensic investigation.

Additionally, the City enlisted BakerHostetler as legal counsel and partnered with cybersecurity firm S-RM, both of whom played critical roles in analyzing the attack and strengthening the City’s defenses.

The investigation confirmed that no sensitive data was accessed or exfiltrated during the attack. However, the event underscored the need to strengthen cybersecurity measures.

“This was a significant challenge for our staff, but I’m incredibly proud of their immediate response and the support from our state and federal partners,” said City Manager Randy Frazer. “Thanks to their dedication and professionalism, we successfully maintained water services and protected critical data. Moving forward, we’re committed to building a stronger, more secure system that safeguards our city’s critical infrastructure and ensures the long-term safety and reliability of essential services for our community.”

Operational Costs and Investments
The attack required temporary adjustments at the Water Treatment Facility, including 24/7 staffing, assistance from retired and external operators, and overtime for existing staff. The City has also incurred the following costs:

• Infrastructure Repairs and Upgrades: $105,201 for server replacements, software, licenses, and technical assistance.
• Legal and Investigative Costs: $58,550 for forensic analysis, legal guidance, and communications with threat actors.

Insurance will reimburse most costs except for a $10,000 deductible.