Alabama City Plans to Pay Ransomware Group Despite Warnings

Published at: June 10, 2020

A ransomware gang launched an attack on the information technology systems of Florence, Alabama, in May. This attack came despite warnings by cybersecurity firms about possible hacker infiltration into the city’s infrastructure.

According to a KrebsOnSecurity report from Monday, city officials intend to pay a ransom of nearly $300,000, citing concerns that failing to do so may result in private citizens having their personal data leaked. The ransom, if paid, will be settled in Bitcoin (BTC).

DoppelPaymer group behind the ransomware attack

Wisconsin-based security firm Hold Security first alerted the city to the threat DoppelPaymer represented to its IT infrastructure, as well as its 40,000 residents.

Last Friday, Florence Mayor Steve Holt officially confirmed that the city’s email system was hacked. Although he did not initially acknowledge that it was a ransomware attack, on Tuesday he confirmed via the KrebsOnSecurity report that DoppelPaymer was behind the attack.

The mayor confirmed that the hackers initially demanded 39 BTC ($378,000). With the help of an external security firm, the city managed to reduce the price to 30 BTC ($291,000), with the caveat that if it does not pay this amount in full, the hackers will leak the data.

Speaking with Cointelegraph, Brett Callow, a threat analyst at malware lab Emsisoft, commented:

“Despite being warned that its network had been compromised, Florence was nonetheless hit by ransomware due to the inadequacy of its response to the initial incident. Organizations cannot afford to be sloppy when it comes to remediating incidents. Completely rebuilding the network is the only sure-fire way to ensure that an incident such as this does not become a ransomware event in which data is encrypted and possibly exfiltrated.”

The hackers often target cities’ IT infrastructures

Callow says that the ransomware group has claimed multiple other victims, including the city of Torrance, Visser Precision and Kimchuk.

DoppelPaymer is known as one of the ransomware groups that asks for the most money in its attacks, mainly targeting companies and government offices.

Alex Holden, the chief information security officer of Hold Security, told Cointelegraph:

“As we monitor many notorious cyber gangs, ransomware is the most preferred vector of attack because of ease of cashing out - paid by the victims themselves. Also, historically, a significant number of victims do not take alerting seriously and often do not follow the best practices, ending up victimized regardless of advanced notice. Plus, the victims are not shy about paying ransom, as it became a ‘norm’ in our society today.”

Recently, the DoppelPaymer gang managed to breach Maryland-based Digital Management Inc.’s network. This company provides IT and cybersecurity services to several Fortune 100 companies and government agencies, such as NASA.
