A ransomware gang launched an attack on the information technology systems of the city of Florence, Alabama, in May. The attack came despite warnings by cybersecurity firms about possible hacker infiltration into the city’s infrastructure.
On June 8, KrebsOnSecurity reported that city officials intend to pay a ransom of nearly $300,000, citing concerns that failing to do so may result in private citizens having their personal data leaked. If paid, the ransom will be paid in Bitcoin.
On June 5 (last Friday), Steve Holt, the Mayor of Florence, officially confirmed that the city’s e-mail system was hacked. He did not initially acknowledge that it was a ransomware attack, but on June 9 he confirmed, through the KrebsOnSecurity report, that DoppelPaymer was behind the attack.
DoppelPaymer is known as one of the ransomware strains that asks for the most money in its attacks, mainly targeting companies and government offices.
Officials from Florence, AL are planning to pay for the ransom demanded by the DoppelPaymer ransomware gang https://t.co/6QYz0FqUom — Cointelegraph (@Cointelegraph) June 10, 2020
The Mayor confirmed that hackers initially demanded 39 BTC ($378,000). With the help of an external security firm, the city managed to reduce the price to 30 BTC ($291,000), with the caveat that if it does not pay this amount in full, the hackers will leak the data.
Brett Callow, a threat analyst at malware lab Emsisoft, commented:
“Despite being warned that its network had been compromised, Florence was nonetheless hit by ransomware due to the inadequacy of its response to the initial incident. Organizations cannot afford to be sloppy when it comes to remediating incidents. Completely rebuilding the network is the only sure-fire way to ensure that an incident such as this does not become a ransomware event in which data is encrypted and possibly exfiltrated.”
Likewise, Callow said that the ransomware group has claimed multiple other victims, including the City of Torrance, Visser Precision, and Kimchuk.
Alex Holden, the Chief Information Security Officer of Hold Security, said:
“As we monitor many notorious cyber gangs, ransomware is the most preferred vector of attack because of ease of cashing out – paid by the victims themselves. Also, historically, a significant number of victims do not take alerting seriously and often do not follow the best practices, ending up victimized regardless of advanced notice. Plus, the victims are not shy about paying ransom, as it became a ‘norm’ in our society today.”