You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Despite Warnings, City Thought They Were Safe

Despite warnings from cybersecurity professionals, the City of Florence suffered a brutal cyberattack.

The City of Florence, Alabama can't say they weren't warned!

It all started when the City's IT Manager fell for a Phish. They didn't remediate the problem in time. And now it has cost the city $300,000 in Bitcoin.

This all after a cybersecurity journalist notified the city of a likely threat 12 days BEFORE the attack occurred.

On May 26, KrebsOnSecurity contacted the office of Florence’s mayor to alert them that a Windows 10 system in their IT environment had been commandeered by a ransomware gang.

The warnings were treated like a hot potato. No one wants the stains of a cyberattack on their hands. To make matters worse, the City's IT Manager is the one who fell for a Phishing email!

The Florence IT manager's Microsoft Windows credentials were stolen on May 6 by a DHL-themed phishing attack and used to further compromise the city’s network.

So the attack started with the IT Manager's mistake, then allowed to continue when no one took the necessary actions. And in the end, the attackers hit the city with DoppelPaymer, a vicious Ransomware variant.

DoppelPaymer will steal reams of data from victims prior to launching the ransomware, and then threaten to publish or sell the data unless a ransom demand is paid.

Stealing data and threatening to release has become a very popular form of attack for hacker groups (see here and here)

“We were trying to get another [cybersecurity] response company involved, and that’s what we were trying to get through the city council on Friday when we got hit.”

Unfortunately, the city was simply too late in getting protected. In fact, the hacker group might have been in their network for weeks before launching the ransomware attack.

“It appears they may have been in our system since early May — over a month going through our system." - Florence Mayor Steve Holt

Local governments are already over-burdened, even when not dealing with a Pandemic. The next step is preparing your employees to address this Ransomware problem with Security Awareness Training. (Texas did so here)

Are you ready to take action?
You already have a lot on your plate, so we make it easy. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) team here!

Original articles here and here.
[https://krebsonsecurity.com/2020/06/florence-ala-hit-by-ransomware-12-days-after-being-alerted-by-krebsonsecurity/]
[https://www.securityweek.com/alabama-city-pay-300000-ransom-computer-system-hack]

Joel Cahill

Cyber security enthusiast. Entrepreneur.