Florence, AL was targeted by the DoppelPaymer ransomware attack and officials plan to pay the ransom demanded.
A ransomware gang launched an attack on the information technology systems of Florence, Alabama in may. This attack came despite warnings by cybersecurity firms about possible hacker infiltration into the city’s infrastructure.
According to a KrebsOnSecurity report from June 8, city officials intend to pay a ransom of nearly $300,000, citing concerns that failing to do so may result in private citizens having their personal data leaked. If paid, the ransom will be covered in Bitcoin.
DoppelPaymer group behind the ransomware attack
Wisconsin-based security firm, Hold Security, first alerted the city to the threat DoppelPaymer represented to the city’s IT infrastructure, as well as their 40,000-residents.
Last Friday, Florence Mayor Steve Holt officially confirmed that the city’s email system was hacked. Although he did not initially acknowledge that it was a ransomware attack, he confirmed via the KrebsOnSecurity report that DoppelPaymer was behind the attack on June 9.
The Mayor confirmed that hackers initially demanded 39 BTC ($378,000). With the help of an external security firm, they managed to reduce the price to 30 BTC ($291,000), with the caveat being that if they do not pay this amount in-full, the hackers will leak the data.
Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, commented:
“Despite being warned that its network had been compromised, Florence was nonetheless hit by ransomware due to the inadequacy of its response to the initial incident. Organizations cannot afford to be sloppy when it comes to remediating incidents. Completely rebuilding the networking is the only sure-fire way to ensure that an incident such as this does not become a ransomware event in which data is encrypted and possibly exfiltrated.”
The hackers often target cities’ IT infrastructures
Callow says that the ransomware group has claimed multiple other victims, including the City of Torrance, Visser Precision, and Kimchuk.
DoppelPaymer is known for being one of the ransomware that asks for the most money in its attacks, mainly targeting companies and government offices.
Alex Holden, chief information security officer of Hold Security, told Cointelegraph:
“As we monitor many notorious cyber gangs, ransomware is the most preferred vector of attack because of ease of cashing out – paid by the victims themselves. Also, historically, a significant number of victims do not take alerting seriously and often do not follow the best practices ending up victimized regardless of advanced notice. Plus, the victims are not shy about paying ransom, as it became a “norm” in our society today.”
Recently, the DoppelPaymer gang managed to breach Maryland-based Digital Management Inc’s network. This company provides IT and cyber-security services to several Fortune 100 companies and government agencies, like NASA.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.