Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Florence, Alabama Hit with Ransomware Days After Alert of Compromise

June 11, 2020

KrebsOnSecurity reports that in late May it alerted multiple officials in Florence, AL that the city’s information systems had been compromised by hackers. Just shy of two weeks later, on June 5, the hackers struck, deploying ransomware and demanding $300,000 worth of bitcoin. City officials are planning on paying the ransom.

The KrebsOnSecurity team received a tip from cybersecurity firm Hold Security that a computer system had been compromised by a ransomware gang. The team was able to determine that the compromised computer belonged to the city’s manager of information systems. A call was placed to the city’s offices to alert officials to the compromised system; the call was transferred multiple times and eventually ended up in a voicemail box on a non-emergency line for the Florence Police Department. The responder from KrebsOnSecurity then placed a call to the city’s emergency response team.

A technician with the response team returned the call, stating, “I can’t tell you how grateful we are that you helped us to dodge this bullet.” The team thought that the issue had been resolved; however, the attack on June 5 still happened and managed to shut down the city’s email system. Florence Mayor Steven Holt acknowledged that the city was being extorted by the ransomware group known as DoppelPaymer. The group demanded that the city pay a ransom, or the stolen data would be published or sold.

The original point of compromise was a phishing attack aimed at the IT manager, whose credentials were stolen, allowing the attackers to further compromise the city’s network. Following the notification on May 26, the city took preventative measures to stop a possible attack, and when the attack hit, officials were attempting to get funding approved for a more thorough investigation and remediation.
