Woodburn utilities service exposed to ransomware attack
Utility customers for the city of Woodburn may have been exposed to a ransomware attack, according to a notice sent out by the city last week.
The city notifed customers on May 29 that Metro Presort, the company that the city uses to provide online utility bill viewing and payment services, was recently compromised by ransomware — a type of malicious software that blocks access to a computer system until a sum of money is paid.
At the time, it is unknown if any customer information has been compromised. According to a Facebook post, the city first learned of the attack on May 29 and notified customers via email and social media. Customers will also receive information about the attack via mail and newsletter.
The city reported that is has ceased using Metro Presort's online bill viewing and payment services, and that a forensic investigation is currently being conducted into the scope and extent of the breach.
Metro Presort is a Portland-based company that provides data processing services to local governments, banks and financial institutions, non-profits, utilities, healthcare, retail and more.
In the notice sent out, the city emphasized it does not contact customers by phone or email to request personal information or payments, and provided a list of safety tips to help prevent potential scams.
The city will transition to a new company to conduct its online utility bill services, which will be available within the next few weeks. In the meantime, customers are asked to make their payments by mail, in person, dropbox, bank drafting and payments sent from a personal bank account.
Payments can be mailed to 270 Montgomery St. in Woodburn or dropped off at the temporary City Hall located at 970 N. Cascade Dr.
1. Beware of scam calls or emails requesting personal information. Scam callers use fake caller ID numbers (caller ID phishing scam) which appear to be a legitimate number. If you receive an unexpected call from a City employee:
Ask the caller to provide their name, and title, then hang up the phone and contact the City at (503) 982-5222 in order to verify if a City employee was attempting to reach you.
Do not provide any financial information to the caller.
Do not call any numbers the caller may provide as the number may be phony.
2. Consider changing online passwords that share the same username/password as the utility bill account. Passwords should be updated periodically and should be unique for each website.