A ransomware gang launched an attack on the information technology systems of Florence, Alabama in may. This attack came despite warnings by cybersecurity firms about possible hacker infiltration into the city’s infrastructure.
According to a KrebsOnSecurity report from June 8, city officials intend to pay a ransom of nearly $300,000, citing concerns that failing to do so may result in private citizens having their personal data leaked. If paid, the ransom will be covered in Bitcoin.
DoppelPaymer group behind the ransomware attack
Wisconsin-based security firm, Hold Security, first alerted the city to the threat DoppelPaymer represented to the city’s IT infrastructure, as well as their 40,000-residents.
Last Friday, Florence Mayor Steve Holt officially confirmed that the city’s email system was hacked. Although he did not initially acknowledge that it was a ransomware attack, he confirmed via the KrebsOnSecurity report that DoppelPaymer was behind the attack on June 9.
The Mayor confirmed that hackers initially demanded 39 BTC ($378,000). With the help of an external security firm, they managed to reduce the price to 30 BTC ($291,000), with the caveat being that if they do not pay this amount in-full, the hackers will leak the data.
Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, commented:
“Despite being warned that its network had been compromised, Florence was nonetheless hit by ransomware due to the inadequacy of its response to the initial incident. Organizations cannot afford to be sloppy when it comes to remediating incidents. Completely rebuilding the networking is the only sure-fire way to ensure that an incident such as this does not become a ransomware event in which data is encrypted and possibly exfiltrated.”
The hackers often target cities’ IT infrastructures
Callow says that the ransomware group has claimed multiple other victims, including the City of Torrance, Visser Precision, and Kimchuk.
DoppelPaymer is known for being one of the ransomware that asks for the most money in its attacks, mainly targeting companies and government offices.
Alex Holden, chief information security officer of Hold Security, told Cointelegraph:
“As we monitor many notorious cyber gangs, ransomware is the most preferred vector of attack because of ease of cashing out – paid by the victims themselves. Also, historically, a significant number of victims do not take alerting seriously and often do not follow the best practices ending up victimized regardless of advanced notice. Plus, the victims are not shy about paying ransom, as it became a “norm” in our society today.”
Recently, the DoppelPaymer gang managed to breach Maryland-based Digital Management Inc’s network. This company provides IT and cyber-security services to several Fortune 100 companies and government agencies, like NASA.