KrebsOnSecurity reports that in late May, they alerted multiple officials in Florence, AL that their information systems had been compromised by hackers. Just shy of two weeks later, on June 5, the hackers seized upon their target deploying a ransomware attack, with a demand made of $300,000 worth of bitcoin. City officials are planning on paying the ransom.
The KrebsOnSecurity team received a tip from cybersecurity firm Hold Security that a computer system had been compromised by a ransomware gang. The team was able to determine that the compromised computer belonged to the city’s manager of information systems. A call was placed to the offices to alert the city officials of the compromised system, where the call was transferred multiple times, and where it eventually ended up on a non-emergency line for the Florence Police department, in a voicemail. The responder from KrebsOnSecurity then placed a call to the city’s emergency response team.
A technician with the response team returned the call stating “I can’t tell you how grateful we are that you helped us to dodge this bullet.” The team thought that the issue had been resolved; however the attack on June 5th still happened and managed to shut down the city’s email system. Florence Mayor Steven Holt acknowledged that the city was being extorted by the ransomware group known as DoppellPaymer. The group demanded that a ransom be paid by the city or that the stolen data would be published or sold.
The original point of compromise came from a phishing attack aimed at the IT manager, which allowed their credentials to be stolen, allowing the attackers to further compromise that city’s network. Following the notification on May 26, the city took preventative measures to stop a possible attack, and when the attack hit, they were attempting to get funding approved for a more thorough investigation and remediation.
Email: firstname.lastname@example.org Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology