FLORENCE, Ala. — Monday, the City of Florence confirmed that the computer system had been hit with a cyberattack. The city’s IT department, along with a contracted outside agency is working to investigate the attack.
At the time, it didn’t appear that any information was lost, stolen, or compromised Mayor Steve Holt said. However, on Tuesday, independent investigative journalist Brian Krebs released an article on his website stating that ransomware had been deployed and that the intruders are demanding nearly $300,000 worth of bitcoin.
Krebs, who is known for his coverage of cybercrime, said on May 26, he contacted Mayor Holt’s office to alert them that the system had been compromised.
Krebs reports the following day a system administrator contacted him saying that the compromised computer and network account had been isolated.
Despite their efforts, Mayor Holt confirmed that the city is being extorted by a ransomware gang called DoppelPaymer.
The Florence City Council voted unanimously Wednesday evening to use money from the city’s insurance fund to pay the ransom.
“We’re having to approach it from the standpoint that we’re going to have to assume—we know they have some of our information, we don’t know that they have our critical information, frankly don’t think they do but we don’t know,” Mayor Holt said.
An advisor from that outside agency told the council that DoppelPaymer has a reputation for keeping their word of not releasing information after a ransom has been paid.
Mayor Holt said the next step in the investigation is for DoppelPaymer to give the city proof that they will delete the stolen information.
The Better Business Bureau offers the following tips to help protect yourself from ransomware attacks:
- Practice safe searching. Don’t click on any links or call numbers listed in pop-ups, no matter how dire the message.
- Stick with legitimate, mainstream app vendors. Do not download any apps without first researching their source, even in trusted sites. They may contain viruses, malware or spyware that can compromise your personal data.
- Update your operating system. Those alerts on your computer or smart phone that tell you to update your apps and operating system are more than just an annoyance. These updates close security loopholes and other back doors hackers can use to access your phone without your knowledge.
- Be wary of public Wi-Fi. If you choose to connect to an unsecured or public Wi-Fi network, do not enter any passwords or access any personal data. Bad guys can use such networks as an easy means to hack your device.
- Use Bluetooth sparingly. Bluetooth creates a wireless connection between your phone, computer and other devices. With Bluetooth enabled, if one device is compromised all other connected devices are at risk as well. If you are not actively using an enabled device, such as a headset, make sure your Bluetooth is turned off.
- Check your permissions. Check all of your apps to see what data they are accessing and revoke permissions for information those apps don’t need to properly operate. Check your computer or phone’s owner’s manual or contact your wireless provider for directions on how to do so.
- Back up your data. Make sure you have a backup of all the apps and information — especially important photos or other irreplaceable items — stored on your device in case it’s lost, stolen, hacked or damaged.
- Keep anti-virus and anti-malware enabled and up to date. There are many resources for antivirus or other security apps for your devices. Research them thoroughly before choosing which is right for you.
Additionally, the FBI recommends businesses consider implementing the following prevention and continuity measures to lessen the risk of a successful ransomware attack:
- “Focus on awareness and training. Because end users are often targeted, employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.
- Patch all endpoint device operating systems, software, and firmware as vulnerabilities are discovered. This precaution can be made easier through a centralized patch management system.
- Manage the use of privileged accounts by implementing the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary; they should operate with standard user accounts at all other times.
- Configure access controls with least privilege in mind. If a user only needs to read specific files, he or she should not have write access to those files, directories, or shares.
- Use virtualized environments to execute operating system environments or specific programs.
- Categorize data based on organizational value, and implement physical/logical separation of networks and data for different organizational units. For example, sensitive research or business data should not reside on the same server and/or network segment as an organization’s e-mail environment.
- Require user interaction for end user applications communicating with Web sites uncategorized by the network proxy or firewall. Examples include requiring users to type in information or enter a password when the system communicates with an uncategorized Web site.
- Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.”