Pierluigi Paganini
June 12, 2020
The Council of Florence City voted unanimously at an emergency meeting this week pay the ransom requested by attackers that hit the City’s system. The payment will me made using the city’s insurance fund in an effort to preserve information of city workers and customers and quickly resume operations.
“It appears they may have been in our system since early May — over a month going through our system,” Mayor Steve Holt said.
In late May, KrebsOnSecurity alerted numerous officials in the City of Florence, that their IT infrastructure had been hacked by ransomware operators. On June 5, the attackers completed the deployment of ransomware and demanded a $300,000 ransom worth of bitcoin.
“On May 26, acting on a tip from Milwaukee, Wisc.-based cybersecurity firm Hold Security, KrebsOnSecurity contacted the office of Florence’s mayor to alert them that a Windows 10 system in their IT environment had been commandeered by a ransomware gang.” reads the post published by KrebsonSecurity.
“Comparing the information shared by Hold Security dark web specialist Yuliana Bellini with the employee directory on the Florence website indicated the username for the computer that attackers had used to gain a foothold in the network on May 6 belonged to the city’s manager of information systems.”
City officials believe that attackers did not steal any information, but now plan to pay the ransom demand to avoid that ransomware operators will leak its data.
“We’re having to approach it from the standpoint that we’re going to have to assume—we know they have some of our information, we don’t know that they have our critical information, frankly don’t think they do but we don’t know,” Mayor Holt said.
Mayor Holt confirmed that the City’s system was infected with the DoppelPaymer ransomware.
An external advisor told the City council that DoppelPaymer has a reputation for not releasing information after a ransom has been paid.
Mayor Holt confirmed that the City asked DoppelPaymer to give the city proof that they will delete the stolen information.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – City of Florence, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
