Ransomware attack – The Original Lampasshole

Monica Wright’s Lack of Network Certifications is Embarrassing

For 14 years now, Monica Can’t-Wright has been polishing a seat in the IT department for the City of Lampasas. First as a basic drone and then later, she was (incredibly) elevated to “IT Director”. I suspect she was made “Director” and someone else hired as her underling because they needed someone who actually knew how to turn on a computer but didn’t have the heart to fire her. It’s the only explanation that makes sense to me.

Yet for 14 years, she has not earned ONE SINGLE certification in the area of network administration that would usually be considered a MUST for her job.

What are normal requirements for her august job title? A recent job posting gives us an idea.

Take the City of Copperas Cove, for example. They recently posted a “help wanted” ad looking for a new Director of Information Systems. According to the ad, “applicants must currently hold AT LEAST ONE of the following computer certifications: A+, Network+, Microsoft Certified Professional (MCP) or equivalent; or be able to obtain at least one of these certifications within 6 months of employment in the position“.

Most of you don’t know what those mean. Here is a summary of each:

A+ – certification represents entry-level competency as a computer technician and is a vendor neutral certification that covers various technologies and operating systems. By 2014, over one million people worldwide had earned A+ certification. Expires in 3 years. Certification prior to January 1, 2011, is considered good-for-life (GFL) and does not expire.

Network + – is a CompTIA computer networking certification that includes computer network concepts, installation and configuration, media and topologies, management, and security [emphasis mine]

MCP – The Microsoft Certified Professional or MCP Program is the certification program from Microsoft that enables IT Professionals and Developers to validate their technical expertise through rigorous, industry-proven, and industry-recognized exams.

Monica, the supposed HEAD of the IT Department, possesses none of these. Not one.

These all seem extremely basic. WAY easier than the types of certifications someone in her position should have after 14 years. Private sector network people (the kind who EARN their pay) go much further with certifications like their CCENT or CCNA or CCNP. Neither Monica nor her underling Kristy Acevedo possess any of those three. Shocking, I know.

[I have spoken with a FORMER City of Lampasas Network administrator who worked under Monica before Acevedo was hired. HE possessed some of these certifications. He also eventually quit because (as he made clear to me in person) “Monica has no F*@&#^ing idea what the hell she is doing” (this is a paraphrase by me)]

The REALLY sad part is that the City of Lampasas would very likely FULLY PAY for these certifications as ~~beginning~~ continuing education for Monica so that she could actually learn to do her job, rather than farming out tens of thousands of dollars to TSM Consulting, Watchgaurd, and others. The only reason I can come up with as to why this hasn’t happened in FOURTEEN YEARS is that Monica isn’t capable of passing them.

The City manager is complicit in this as well, for failing to ensure a competent IT professional is in charge. As is City council, since Spinley supposedly answers to them. You might think a massive cyber attack back in August that cost the city tens of thousands of dollars in ruined equipment and overtime might make them ask some tough questions.

Nope. They not only didn’t ask any questions, they stonewalled me from asking any myself with City attorney Jo-Christy Brown. So there has STILL (5 months later) never been an explanation as to how it all went down.

Finley “Elmo” deGraffenreid will continue to make The Seven Goldfish dance to his tune in 2020, I’m guessing!

Tyler Technologies, Incode Software and What REALLY Happened During Ransomware Attack – PART I

The City has been paying Tyler Technologies a tidy sum every year since at least 2014. Tyler provides Incode – which (as far as I can tell) is the software than runs all the utility payments for the city, among other things. Below are the amounts paid to Tyler since 2014 (as far back as I bothered to look – not sure how long they have been under contract):

2014 – $33,939.65
2015 – $35,540.42 (+4.70%)
2016 – $37,984.99 (+6.87%)
2017 – $39,820.80 (+4.83%)
2018 – $41,762.43 (+4.87%)
2019 – $43,816.63 (+4.92%) – this is AFTER Ransomware disaster!!
Average over five years: +5.82% per annum
2020 – $45,693.33 (+4.28%)
2021 – $47,463.11 (+3.9%)
2022 – available next month…my guess is it’ll be over $50,000

I am really in the wrong business. Only as a government contractor can you raise your prices by 5.8% like clockwork every year and nobody bats an eye. It’s not like this software runs on gasoline and the price of fuel went up 6%….or there are parts made of silver that wear out and need to be replaced. No, it’s a string of code with no moving parts…they just raise it because they can.

MAYBE they raise it because they have to pay their tech support guys more and more every year. Those people who are on the other end of the line when the sh!t hits the fan and Monica/Kristy calls up in a panic asking them to “remote in” to fix the ransomware disaster they are sitting in the middle of. That must be it, right? I mean, for over $40,000 per year, you MUST get SOME kind of customer service, right??

Not exactly.

I requested internal City Hall emails of Monica, Kristy, Finley and Gary covering the period from Aug 15th through mid-September…during the August 16th ransomware disaster (which I estimate has cost the City roughly $40,000 in new computer equipment). Those emails do NOT paint a pretty picture when it comes to Tyler Technologies. Yet, the City STILL renewed their contract AND got bent over for a 5% increase!! Such amazing negotiators over there at City Hall. No wonder developers are flocking to Lampasas with their candy bags and departing with $100k each!

Up next – copies of internal emails during The Great Ransomware Disaster of August 16th.

Not Only Has IT Department Head Monica Wright Not Explained Ransomware Attack – She Skipped The Next City Council Meeting!!

For those of you not aware, on August 16th the City of Lampasas was hit by a ransomware attack. The city network apparently having been left wide open by our TWO highly-paid computer experts. Here is a timeline of what transpired.

You’d think after the city was held hostage for ten days and at LEAST $36,000 worth of equipment was ruined (that we know of), City Council might have some questions and Monica Wright (the HEAD of the IT Department) might have some answers or explanations about how it happened and why it won’t happen again.

Nope.

One reason for the lack of details was that Monica Wright couldn’t even be bothered to show up for the August 26th City Council meeting to make her departmental report!! She sent her sidekick and supposed “network administrator” to the meeting instead [page 1: City Staff present]. See photo of minutes below:

There are only two explanations for this: Monica was on one of her many vacations OR she was afraid to face the music. She loves having the title and extra pay of a ‘department head’, apparently….but she doesn’t want all those icky responsibilities and hard work.

Well, at least Kristy was there to explain it all – since she is ostensibly (look it up, Monica) in charge of the City’s network.

Nope. Apparently Kristy sat there twiddling her thumbs the entire meeting. No report was made by her either. The fire chief made his report and that was the end of any departmental reports (see pages 5 and 6). See photo below:

Not only that, City Council (whom I call The Seven Goldfish, due to their very short memories) didn’t even ask about it!! In fact, Misti Talbert THANKED them for their hard work and that was the end of it.

I’d like to tell you that City Manager Finley “Spinley” DeGraffenried was there to make a report on the cyber attack, but HE wasn’t there either! He sent his assistant Gary Cox to “commend the IT and Finance Departments” over the ransomware attack. I assume he included the Finance Department since they will be writing a bunch of huge checks to replace all the ruined computer servers and computers, right?

Another $30,388 Requested For Computers and Servers Ruined in Ransomware Attack – New Total Damage at $36,604

The hits just keep coming! In addition to the $6,216 Monica Can’t-Wright is requesting for new computers wrecked by the recent “minimal impact” ransomware attack, there are even MORE requests to replace ruined equipment.

Only in Lampasas government would the Mayor praise our IT Department with one breath, and in the next breath be approving $36,604 to replace equipment ruined in the attack they allowed.

The Wastewater Department needs a new SCADA computer, since the old one was “compromised in the recent ransomware incident and is not operational” – request for $15,995.00 (page 131)

City Hall servers wrecked in ransomware attack – $14,393.58 (page 125).

Wow. I wonder how many more pieces of expensive equipment were wrecked in this ‘minimal impact’ ransomware attack.

I guess the “hard work” the IT team did was to write up purchase orders for all the equipment they allowed to be wrecked by leaving the city network open to attack. Great job, team!!

Monica Can’t-Wright Requests $6,216.36 In Emergency Funds for Computers Ruined in Ransomware Attack

Apparently the “minimal impact” ransomware event wasn’t entirely minimal. The first casualty popped up in City Council packets (page 103): Monica needs $6,216.36 to replace some ruined computers.

Over $1,000 per computer? Seems high – I see nice computers on Amazon for $300 all the time. But after digging, I see some of that is also for some new monitors! Because computer viruses always ruin the monitors too, right Monica? Or maybe somebody is just using this debacle as an excuse to buy some fancy new monitors. I’d place my bets on the latter.

Must be awesome to work for the city IT Department: Blow hundreds of thousands per year on fancy equipment, take 8 or 9 weeks off every year, get almost $30,000 in benefits IN ADDITION to your bloated salary, leave the City network open to attack and STILL get to keep your job, nobody asks you a single question about how it happened and THEN you tell Spinley and The Seven Goldfish you need over $6,000 to buy some new stuff because you wrecked the old stuff.

Hell, $6,200 is spit in the ocean compared to a $185,000 bathroom – the Goldfish won’t even bat an eye.

Rest assured I have requested records on which department these computers were from, how old they were and what they originally cost. Maybe Jo-Christy Brown will deny me that information as well.

City Attorney Stonewalls My Request For Ransomware Attack Details.

Far from being questioned or chastised about the recent IT Department screw-up which left the City’s computers open to attack, Monica Can’t-Wright and her accomplice Kristy “The Joker” Acevedo were PRAISED for their “hard work during the ransomware attack”! Seriously – there were ZERO questions from City Council about how the attack happened or why the IT Department got caught with their pants down (Council minutes page 66).

Only in government work can you screw the pooch that hard and then get praise for helping to clean it up. In the private sector, you’d probably be looking for a new job. God forbid The Seven Goldfish ask a single question about the entire incident – they have already forgotten it entirely!

What exactly did Monica do to save the day? What were the “emergency protocols” the quick-thinking Monica implemented? The City won’t say! That’s right. After I requested a copy of these supposed “protocols” that Monica implemented, the City attorney, Jo-Christy Brown produced six pages of drivel (lots of billable hours!) in a letter to the Texas Attorney General’s office explaining to them why the City of Lampasas should be able to deny my request.

Of course, I know damn good and well there ARE no protocols. But Ms. Brown and the City of Lampasas are taking the ridiculous position that release of any of this data “might result in a ‘targeted attack’ towards any perceived vulnerabilities”.

So, if I were to ask the fire department any questions about how they respond to fires, they would deny my request in a tizzy because I might use that information to go and burn down some houses?? Absolutely ridiculous.

Just more of the same from the Talbert administration: screw it up then cover it up and tell the citizens to pound sand.

“Minimal Impact” Computer Disruption From Cyber Attack Appears to End on Day Ten

Well, ten days after the initial ransomware attack, the City appears to have their utility department website back up! Great job ~~tech department~~ TSM Consulting!! Can we assume ALL systems are back to normal? Hopefully the Dispatch or Radiogram will have some real information on this.

Now, we will await a full accounting of what exactly went down, how it was solved, and what will stop it from happening again.

The Finley-Spin Begins. Here is a TRUE Ransomware Timeline

City Hall is already starting to spin the narrative on this ransomware attack, so I felt it necessary to start and maintain a timeline of what REALLY transpired and will continue to transpire – with my commentary in brackets:

Friday August 16: Somebody launches a ransomware cyber attack against 22 Texas cities this morning. That same day, multiple Lampasas citizens start questioning why their utility payments aren’t being processed. According to the August 21 Radiogram, “IT Director Monica Wright immediately implemented response protocols for this type of incident.” [This is the spin it took Finley FIVE days to come up with? So the official spin is “thank god Monica was there to slam the barn door shut well AFTER the cow got out, knocked over the lantern and burned down the city…the very same door she left wide open in the first place.]

[The “protocols”! Sounds very sophisticated. Like a James Bond movie. I’d guess the actual “protocol” was Monica voiding the entire contents of her bowels into her underwear, yanking the power cord of her personal computer out of the wall thinking that might help, and then running in tears to Finley’s office sobbing about some “randomware” on her computer. Finley then turns a sickly green color and calls TSM or the state of Texas or SOMEBODY who knows SOMETHING about computers, dammit!!!]

Friday afternoon August 16, Saturday August 17, Sunday August 18: Not a peep from the City about this disaster. At this point, the police and sheriff computer systems had to be down, but that was not made public. I know this because the police system was still down on Tuesday the 20th at 5pm [and yes, I have proof]. I know they will say “we couldn’t make this public since we had a target on our backs”, but that is a pile of nonsense….because remember, the quick-thinking Monica had ALREADY implemented “protocols for this type of incident”…which any moron must assume included chopping all connections with the outside Internet world to prevent further damage….right? [at this point, the City probably hoped to solve this quickly and sweep it under the rug so as to not be completely embarrassed. Thus total radio silence]

Monday August 19: I myself started getting suspicious reading about all the people unable to pay their bills and remembering the attacks in Texas the previous week. Still not a PEEP from the city 72 hours after the incident….and police systems STILL presumably down.

Tuesday August 20: Finley tells a blatant lie to the Radiogram, saying that “a series of unrelated incidences [sic] caused the Sheriff’s Department, Police Department and Utility Department to go offline last Friday and the problem is being corrected.” [Why make this blatant lie? This is why I don’t ever trust a thing Spinley/Finley says. The cat was going to get out of the bag eventually and you know damn good and well the CITY MANAGER knew this was a coordinated attack three days ago – so why tell this complete b.s. about “unrelated incidences [sic]??]

Tuesday August 20: This very blog begins to connect the dots and get info from reliable sources at the city and state level that Lampasas DID get hit – despite Finley’s lie in the Radiogram that very morning. This blog questions Gary and Finley point-blank about it by email around 3:30pm. By 9pm, ACM Gary Cox admits they were hit and federal authorities are involved.

Wednesday August 21: The Radiogram finally prints an official statement from the Police Department that includes all the b.s. Spinley/Finley has produced after five days of polishing this turd. The most laughable part of the Spinley’s yarn is this part:

“While this attack did have some impact on City operations, the City implemented its continuity of operations plan and continued to provide City services with minimal impact to our citizens……As of press time, the City of Lampasas utility department is still offline. They are assuring customers that no cut-offs, or late notices are being processed. They hope to be back on line by Friday morning”.

[Seriously?? Continued to provide city services with minimal impact? Yeah sure….everything was just fine except all the broken parts. Lol. Then a few sentences later they say the utility department is STILL offline!! AND, they HOPE to have this mess sorted out by Friday!! A FULL WEEK after the attack! (but the impact is limited, lol) That is some serious b.s. spin, right there. Wow. Bill Clinton himself couldn’t have spun dog shit into diamonds that well].

Thursday August 22: Problem still not solved. A source of mine entered city hall and saw our two intrepid IT “experts” looking “quite frazzled”. [Probably the first full week either of them have clocked in years]

Friday August 23: One full week after the attack – problem still not solved. The Lampasas Dispatch Record reports on the attack – and regurgitates much of the same palaver reported in the Radiogram. The Original Lampasshole also makes an official Open Records Request and asks for copies of these “response protocols” and “continuity of operations” plans that were supposedly implemented in the wake of the attack.

Saturday August 24: Tried to log on and use the “Pay Utilities” page….still not up. Eight days and counting!!

Sunday August 25: The “minimal impact” STILL continues – cannot log onto the utilities payment page. How long until they just give in and pay the ransom? Will it come out of Kristy’s paycheck? Do they even know how to buy bitcoin?? We shall see…

Monday August 26th: Systems appear to be back to normal after 10 days. Mayor Misti “Drunken Sailor” Talbert thanks the City Staff for all their “hard work during the ransomware attack” (page 66). No seriously. She did.

Tuesday September 3rd: City attorney Christy-Jo Brown writes a six page letter to Texas Attorney General pleading their case as to why I should be denied information about the ransomware attack. Yup – keep the taxpaying citizens in the dark. As usual.

Monday September 9th: requests come flooding in for replacement equipment to replace servers and computers ruined in the ransomware attack – currently over $36,000 of equipment is ruined.

When the the clouds of dust settle from this debacle, there needs to be a very PUBLIC and HONEST accounting of what the hell happened. Answers to things like:

How EXACTLY did they get in?
Exactly when did Finley realize this was part of the statewide ransomware attacks and how quickly did he call in the REAL experts?
How long was the police system completely down?
Was ransom demanded? How much? Did the city pay in full?
Which “experts” were called in and how much did they bill the city for this mess?
Where was Kristy Acevedo Friday morning and afternoon? She is not mentioned at all, yet her job is “Network Administrator” and the network was left vulnerable and attacked.