The city government in Lowell, Massachusetts, temporarily took all systems offline after a cyberattack.
Lowell officials were alerted of the security breach in late April. In response, all city computers had to be shut down, wiped and restored.
Miran Fernandez, chief information officer for Lowell's Management Information Systems, spoke at a city council meeting Tuesday, calling the incident "the biggest reboot in the city's history."
"Everything had to be collected, everything had to be wiped," he said at the meeting.
Get Boston local news, weather forecasts, lifestyle and entertainment stories to your inbox. Sign up for NBC Boston’s newsletters.
As of Monday, some city services remain unavailable as staff work to make sure operations keep going.
A post on the dark web appears to show a ransomware group called "Play" took responsibility for the cyberattack, claiming to have posted 5GB of confidential data and threatening to release more.
City Councilor Wayne Jenness says the city is working with state and federal law enforcement to investigate.
"The MIS department within the city has been extremely hard at work ever since this took place, working hard to contain any fallout from this, not allow any additional data to be leaked, and now they've moved into working hard to restore services to the city," Jenness said.
"They are in this to make money," said Steve Zuromski, vice president of information technology at Bridgewater State University. "They are criminals."
Zuromski says Play has targeted several municipalities for ransom.
"We never recommend paying the ransom or engaging with these criminals, because you never know -- even if a ransom payment is made or otherwise, this is a criminal enterprise, and we don't know that they are going to hold up their end of the bargain by not publishing the data."