Azusa Police Department hid 2018 cyber attack
In the aftermath of a disclosure that sensitive Azusa Police Department records had been hacked by criminals, city officials now acknowledge they experienced another costly ransomware attack that they hid from the public for nearly two years.
In the fall of 2018, the city, through its cybersecurity
insurance carrier, paid $65,000 ransom to an unknown hacker organization to
regain control of 10 data servers at the Police Department, Azusa City Manager
Sergio Gonzalez said Thursday.
“We were able to unlock one server after the ransom was paid
but immediately after found a free key to unlock all other locked servers,”
Gonzalez said in an email. “No information was compromised. Our servers were
just locked. We verified with forensic experts that no data was compromised.
That’s essentially why we did not and were not required to report it
(publicly).”
The 2018 breach apparently was caused by a virus unleashed
after a city employee opened an email or link.
Forensic experts cleaned, wiped and restored the servers
before putting them back online. Additionally, city employees received computer
security training, and updates to software and virus protections were provided.
History of hacks
However, those precautions didn’t prevent the most recent
cyber attack at the Police Department, which was discovered March 9 and
reported publicly May 27.
That attack was perpetrated by DoppelPaymer, a notorious and
shadowy ransomware gang known for extorting victims and then posting their
sensitive information on the dark web if the ransom isn’t paid. It is among
several rogue hacker groups that have been blamed for recent attacks crippling
industries in the U.S. and abroad, including Georgia-based Colonial Pipeline
and JBS S.A., the largest meat producer in the world.
DoppelPaymer demanded 10.33 bitcoin, and then raised the
ransom to 15.5 bitcoin, which at the time was about $800,000, Gonzalez said.
“In consultation with incident response partners, including
federal law enforcement, the department ultimately declined to participate in
any ransom payment,” said Gonzalez, adding he could not disclose the type of
information that was compromised due to an ongoing criminal investigation.
Police reports on dark web
After the ransom deadline passed without payment,
DoppelPaymer posted to its website hacked Azusa police evidence reports, jail
records, payroll information and other data. As of Friday, the index page for
the leaked information had 11,835 views.
The compromised records also may have included Social
Security, driver’s license, California identification card, passport and
military identification numbers. Financial, medical and health insurance
information, along with data collected through an automated license plate
recognition system, also might have been exposed, police said.
Gonzalez said the latest hack is troubling.
“These types of attacks are becoming more and more common
and, to a certain extent, much more sophisticated,” he said. “We are again
working to ensure we have the best cyber defense. We have also brought in
additional resources by contracting with cybersecurity experts to rebuild our entire
system from top to bottom, including upgraded servers, software and anti-virus
programs and a more robust backup system.”