On mar 17, the Town of Houlton, me disclosed that they had experienced a ransomware attack. According to their disclosure, on October 16, 2019, they discovered that part of their network had been locked up by a virus that prevented access to files. The department was able to quickly reinstate from backup, and take that investigation subsequently revealed that the malware was active on the network between October 15 and october 16. further investigation revealed that unknown individual or individuals had first gained access sometime between january 25 and october 15. Two investigative firms were unable to determine whether any data had actually been accessed or exfiltrated. The department therefore prudently notified everyone who had personal info that mightiness make been accessed. Affected individuals have been offered services from Kroll that include monitoring and fraud insurance and identicalness restoration assistance. The notification signed by chief Timothy B. DeLuca continues: ease assured that we are committed to retention the data we maintain as secure as possible. We are taking steps to denigrate the potentiality for unauthorized access to our environment and making reasonable efforts to ensure the continued security of your information. That might be a bit more convincing if this was their first malware incident. But it’s not. In April, 2015, this site had quoted a account from News middle me that said, in part: The Houlton constabulary department was also hit by the same or similar virus early this week, and it locked up all their files. Chief terry McKenna said they, too, were forced to pay the ransom to get their computer data restored At the time, I had commented: So�now that theyve publicly admitted that theyve paid ransom to unlock their files, are they more likely to get hit again? canful they really be sure their employees wont shine for the next malware attempt? while it is commendable that the department was able to reinstate quickly from backup, how much has the department now spent recovering from these two malware incidents and providing services to those affected? Could that money have been break used preventing successful attacks? The department does not say how the attackers gained a foothold this time. Was it another phishing attack? And if it was, what additional steps should the department take at this point? What’s plan B if just training employees is not sufficient?