Ransomware Takes a Swing at the City of Albany, New York

Delaware, USA – April 2, 2019 – Last weekend, a ransomware attack wreaked havoc on the City of Albany, New York. According to Mayor Kathy Sheehan, there is no evidence that any personal info has been stolen, but City employees will be provided with credit monitoring. The attack occurred on Saturday, March 30, and by Monday, it was possible to restore most of the services. Apparently, in contrast to the attack on Jackson County, Georgia, the City of Albany authorities decided not to pay a ransom for decrypting the data, and continue to restore files from backups. The attack affected the police department as well depriving the officers of access to emails, it also encrypted systems in the patrol cars, which affected the response time of the service and the processing of calls to the police. So far, there is no information which group conducted the attack or which strain of malware was used. Adversaries used Ryuk ransomware in a recent attack on local governmental systems, and it brought them $400,000. Also last year, other threat actors used SamSam ransomware in the devastating attack on the City of Atlanta and BitPaymer ransomware in the attack on Matanuska-Susitna Borough.

Recently, researchers spotted a decline in the interest of cybercriminals to coinminers associating this with a fall in the cryptocurrency rate and the closure of the popular Coinhive platform. New ransomware attacks become more costly to organizations: Norsk Hydro lost about $40 million from LockerGoga ransomware attack. Also, attackers invent new ways to speed up encryption during attacks, leaving security teams less time to respond. For the timely detection of threats, you can use the Ransomware Hunter rule pack that helps SIEM to spot threats at every stage of Cyber Kill Chain: https://my.socprime.com/en/integrations/ransomware-hunter-hpe-arcsight