City continues to recover after ransomware attack

City manager: About a year's worth of files remain encrypted

Hannah Grover
Farmington Daily Times
  • Farmington remains hopeful that the encrypted files will be recovered
  • The city does not yet know how much it will cost to recover from the attack.

FARMINGTON — The city of Farmington continues to recover from the ransomware attack that shut down computer systems throughout the city in early January.

Nikki Parks, customer care manager for Farmington Electric Utility Service, gave an update about the city's ransomware response during a customer service report to the Farmington Public Utility Commission on Wednesday.

A screen shot shows the ransomware message received by the  city of Farmington on Jan. 3, 2018.

 “We’re fully functional,” Parks said. “We have been for about three weeks, but every day we have something else come up that we deal with, but I think our customers, number one, were taken care of from the get go and we had no adverse reactions from them.”

She said no customers have complained about receiving fees that they wouldn’t normally receive.

Every customer received a bill in December, however not all customers were sent bills in January. Parks said bills could not be sent out between Jan. 3 and Jan. 16. 

More:Farmington utility always on guard against cyberattack

City Manager Rob Mayes said neither the utility operating system nor the grid was impacted by the ransomware and there was no breach of customer data. Some of the data that was encrypted included statistics, customer logs and collection data from May 2017 through January.

The business operations system for the city was where the ransomware attack hit and the data on the system was encrypted. Mayes said about a year’s worth of files are still inaccessible.

“A lot of it we are still optimistic will be recovered,” Mayes said.

The city has still not identified where the ransomware got into the system.

Mayes said the FBI advised the city not to pay the three-bitcoin ransom because it would make the city more likely to be attacked again in the future.

He said the city has not yet calculated how much money it will spend to recover. Some of those costs include overtime hours for staff, lost efficiency and new equipment and software purchased to improve the system and make it less vulnerable.

Read:Intrusion - but no attack - on U.S. energy grid is a warning, says former NSA official

Mayes said the city spoke to the FBI about the attack and was told that similar attacks happen on a daily basis around the world. He said the FBI officials told the city that the three levels of defense are a myth.

“If you think for one second that your computers are safe, they’re not,” Mayes said.

The FBI cautioned the city not to pay the ransom because it would make them more likely to be targeted again.

“I can tell you that we have a very sophisticated IT, lots of money invested in defense, three separate levels of defenses, including specialty software just for ransomware,” Mayes said. “And it cut through it like butter.”

Hannah Grover covers government for The Daily Times. She can be reached at 505-564-4652 or via email at