The mayor of Gondomar confirmed that the cyberattack on the town hall in September stands as the “largest on a public institution” in Portugal to date, resulting in a financial toll of €1.5 million.
Mayor Marco Martins, a member of the PS Socialist party, cited information from the National Cybersecurity Centre while discussing the scale of the Gondomar Town Hall cyberattack.
The intrusion occurred in the early hours of September 27, prompting immediate action.
Gondomar Town Hall Cyberattack Decoded
The alert was raised at 05:38 on the last Wednesday of September, and the repercussions of the Gondomar Town Hall cyberattack persist. Mayor Martins anticipates that normal operations will only resume by the end of the year.
We have allocated between €1.4 and €1.5 million for investments made and planned, particularly in bolstering security. This includes the procurement of over 700 discs and related services. In addition, significant financial losses were incurred due to days of downtime, amounting to many millions of euros,” stated Mayor Martins.
Following the priority of restoring services and operations, intensive efforts were made to recover 900 computers within the network. This involved replacing discs and reinstalling operating systems, software, and applications. At present, approximately 90% of the machines are operational, though certain online services remain affected.
Gondomar Town Hall Cyberattack Breaches High-End Defenses
Addressing speculations about prolonged infiltration by hackers, Mayor Martins acknowledged that despite a robust system, the attack was more sophisticated and ultimately breached their defenses. On average, the municipality faces 21 cyberattacks per month.
In response, a private company affiliated with the Altice group was enlisted to assist in data recovery. While significant progress has been made, a parallel system is still required to serve the public.
Mayor Martins disclosed that the attack originated from a Russian server, accompanied by a ransom demand of €750,000. However, the ransom was not paid for three reasons: advisory from authorities, uncertainty of data recovery, and legal constraints as a public service.
Numerous projects, both community-driven and council-led, have been affected. An external audit, set to commence this month, aims to ascertain responsibility for the attack and provide further insight into the events of September 27.
Experts suggest that the objective extended beyond financial gain or data theft, aiming to paralyze the town council. Additionally, the crisis triggered the inaugural use of the Municipal Relief Operations Centre, a facility initially envisioned for natural disasters.
The attack led to the exposure of stolen data on the dark web, including sensitive information such as citizens’ cards, passports, and even a list of City Hall investment figures. As a result, town hall operations reverted to manual, paper-based processes.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
