Westmoreland Housing Authority computers hacked |

Westmoreland Housing Authority computers hacked

Rich Cholodofsky

Westmoreland County Housing Authority officials have not responded to a ransom demand to pay what could be more than $40 million to have access restored to its computer systems.

The authority confirmed that a cyber attack rendered computers and telephones inoperable but declined to discuss specifics of the incursion that’s besieged the agency since the start of the week.

A statement issued Friday said the attack was “by a third party entity that temporarily suspended the use of the authority’s ability to conduct business activities.” Authority officials said they are working with federal housing officials and the FBI to investigate.

“No information was compromised,” said Michael Washowich, executive director of the authority.

The attack came with a demand for a payment of 6,500 in Bitcoin, an online cryptocurrency, to have the agency’s computer system restored, Board Chairman Dan Wukich said. According to a currency converter on Bitcoin’s website, the value of the demand is in excess of $40 million in U.S. dollars.

Wukich said the authority has not agreed to pay for the restoration of its computers.

“We’re going through the process and depending on the investigation we will do what is most economical and what we have to do,” Wukich said.

Authority officials said they notified the U.S. Department of Housing and Urban Development and the FBI. Catherine Policicchio, a spokeswoman for the FBI in Pittsburgh, said an investigation is ongoing.

Washowich declined to discuss details about the attack and any cyber security issues in place at the authority.

Dave Ridilla, computer informations director for Westmoreland County, said the attack did not impact county government operations. The county and housing authority are separate entities.

But Ridilla said cyber attacks are a major concern for private businesses and governments.

The county faces about 17,000 attempted hacks every week, he said.

“There is not a single solution out there that is 100 percent perfect,” Ridilla said. “We have to be right every time and a hacker has to get it right just once.”

Ridilla speculated the housing authority attack could be a ransomware incursion that infiltrates a computer system and encrypts its data. For a fee, the attackers will decrypt the system.

The county has faced similar attacks but was able to restore its own systems through backup networks, Ridilla said.

“You are walking a fine line. You want a system that’s open enough for our workers in the field to do their jobs and closed enough so no hackers can get in. It’s not a matter of if you’ll be compromised but when,” Ridilla said.

Peter Mahoney, chief information officer at Saint Vincent College, said entities such as schools, governments and business all face growing concerns about cyber attacks.

“Eventually, every organization no matter how large or small, will have to have a cyber security expert,” Mahoney said.

The attack on the housing authority appears to be confined to the agency’s administrative offices on South Greengate Road in Hempfield. Washowich said phones and computers have been down for most of the week but staff has been able to continue working despite the outages.

Washowich said he will not release additional information about the outages and the cyber attack, only that the issue appears not to have affected authority residents in the dozens of housing complexes throughout the county.

“WCHA’s staff has been working to resolve this problem and has been conducting business operations to the best of the authority’s ability during this trying time,” according the statement.

Rich Cholodofsky is a Tribune-Review staff writer. You can contact Rich at 724-830-6293 or [email protected]

TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.