In the aftermath of a disclosure that sensitive Azusa Police Department records had been hacked by criminals, city officials now acknowledge they experienced another costly ransomware attack that they hid from the public for nearly two years.
In the fall of 2018, the city, through its cybersecurity insurance carrier, paid a $65,000 ransom to an unknown hacker organization to regain control of 10 data servers at the Police Department, Azusa City Manager Sergio Gonzalez said Thursday.
“We were able to unlock one server after the ransom was paid but immediately after found a free key to unlock all other locked servers,” Gonzalez said in an email. “No information was compromised. Our servers were just locked. We verified with forensic experts that no data was compromised. That’s essentially why we did not and were not required to report it (publicly).”
The 2018 breach apparently was caused by a virus unleashed after a city employee opened an email or link.
Forensic experts cleaned, wiped and restored the servers before putting them back online. Additionally, city employees received computer security training, and updates to software and virus protections were provided.
History of hacks
However, those precautions didn’t prevent the most recent cyber attack at the Police Department, which was discovered March 9 and reported publicly May 27.
That attack was perpetrated by DoppelPaymer, a notorious and shadowy ransomware gang known for extorting victims and then posting their sensitive information on the dark web if the ransom isn’t paid. It is among several rogue hacker groups that have been blamed for recent attacks crippling industries in the U.S. and abroad, including Georgia-based Colonial Pipeline and JBS S.A., the largest meat producer in the world.
DoppelPaymer demanded 10.33 bitcoin, and then raised the ransom to 15.5 bitcoin, which at the time was about $800,000, Gonzalez said.
“In consultation with incident response partners, including federal law enforcement, the department ultimately declined to participate in any ransom payment,” said Gonzalez, adding he could not disclose the type of information that was compromised due to an ongoing criminal…