Ransomware groups continue to capitalize on underfunded and often undersecured city and county governments. SpearTip has responded to a large number of these types of incidents. At least 174 municipal institutions suffered ransomware attacks in 2019, according to research from antivirus software provider Kaspersky. This represents a 60 percent year-over-year increase.
A ransomware attack on your local city has immediate consequences for the way the city operates day to day. Everything from the barcode scanner used to check out books at your local city library to the information coming into the public water district that it needs to bill clients properly can be affected. This also leads to a loss of confidence in elected officials and city capabilities and, in some situations, concern over the police force’s capability to prosecute crimes.
Two southern cities have been hit with ransomware in the past week: Knoxville, Tennessee, and Florence, Alabama.
Cities are continuously getting hit with ransomware because they are soft targets and because of the value of the data they hold, such as citizen and government information.
The City of Knoxville is still being held for ransom from an attack on Thursday, June 11. Although it is running on backup servers, it is still experiencing some difficulties, according to city officials. This hits even harder because Tennessee experienced a tornado earlier this year that devastated Nashville, as well as the coronavirus, which reduced tourism.
The City of Florence, on the other hand, has agreed to pay the ransom of $300,000, according to city officials, in order to keep the data of citizens from being published on the dark web. Keep in mind, the city was warned about hackers within its environment 12 days prior to being completely ransomed but hadn’t put in the necessary safeguards to keep from being compromised. Florence is home to roughly 40,000 residents.
The city was being extorted by DoppelPaymer, a ransomware gang with a reputation for negotiating some of the highest extortion payments across dozens of known ransomware families. DoppelPaymer very often lies dormant in an environment, collecting information for a period of time prior to the encryption, ultimately removing all of the data that was stolen and covering its tracks in the process.
“We were trying to get another [cybersecurity] response company involved, and that’s what we were trying to get through the city council on Friday when we got hit,” Price said. “We feel like we can build our network back, but we can’t undo things if people’s personal information is released.” – Steve Price, Florence IT Manager.
When your company is made aware of a potential data breach, every second counts in responding and locking down your systems.
24/7 Breach Response: 833.997.7327