A ransomware attack began with stolen vendor credentials, allowing hackers to access HVAC systems and move laterally across the city’s network. While the breach was caught early, recovery took weeks and impacted critical services. The city chose not to pay the ransom but still faced reputational damage and had to offer credit monitoring to affected individuals. Key takeaways include the importance of microsegmentation, DNS firewalls, and replacing VPNs with Zero Trust access to limit exposure and prevent lateral movement.

Attachment: Ransomware at City Hall: Lessons From a Breach (635.68 KB)