Easier said than done.....
What happens if the backups are infected, reloading them will do nothing..but reinstall the malware, I’m sure that was thought of but couldn’t be done.
As far as initializing the hard drive and restoring or replacing the hard drives with new ones and rebuilding the servers.....
If the backups are bad that does you no good.
Plus, I’m sure the City has software installed besides basic Microsoft Office type products and may not be easily reinstalled....voter registration databases, police/fire dispatching systems, etc.....
Some have suggested hiring 1 or 2 competent IT people, again that’s easier said than done, an experienced and up to date IT person who could help mitigate such attacks aren’t cheap and would likely not come to work for the City unless the price was north of $150,000/year or more......
In the recent past I was a Senior Consultant for a decent sized, nationwide IT consulting company....the going rate the company charged for me to show up on site was $225/hour plus travel expenses....and that wasn’t the highest rate some of our people were billed to the customer for.....
What I have seen is the more experienced, Senior, experienced IT people are working for larger consulting companies making well into the 6-figures and would be bored stiff going to a 9-5 job for a small city....
Going forward, IMO, the best this city can do is hire a consulting company to come in, put in place a solid Cyber Security Plan and hope that employees follow the plan
In the end, even the best plans are meaningless if one person doesn’t follow the plan....I’ve worked for some well known fortune 100 companies with worldwide networks and I’ve seen senior engineers do stupid things and take down parts of key systems, we had a guy open an attachment which nearly cost him his job, he was on probation and had to undergo all types of remedial training to stay employed....
When I worked for a software development company, we had three backup drives for every drive. One was a clone of the system with all software installed, one was a week old clone, usually done sat pm/sunday am, and the other was an overnite clone of the drive. Most malware doesn’t wait for a week. But you are right, you can’t fix stupid users. all our very private work was on a physically isolated intranet, and anything from outside ran on a test computer before we would transfer it over. And as always Unix security rules.
Why would stupid employees follow a plan? They are going to click on attachments. They are going to visit malicious sites. And that's assuming they are not disgruntled. If they are disgruntled, they will install malware on purpose.