A gang of ransomware launched an attack on the information technology systems in Florence, Alabama, in May. This attack occurred despite warnings from cyber security companies about the possible infiltration of the city’s infrastructure by hackers.

According to a June 8 KrebsOnSecurity report, city officials intend to pay a ransom of nearly $300,000, citing concerns that if they do not, citizens could experience leaks of their personal data. If paid, the ransom will be covered by Bitcoin.

The city of Torrance in California is still facing a ransomware demand of 100 Bitcoin Future after downplaying the amount of private data that was lost in the attack.

DoppelPaymer Group behind the ransomware attack

Wisconsin-based security company Hold Security first alerted the city to the threat DoppelPaymer posed to the city’s IT infrastructure, as well as its 40,000 residents.

Last Friday, Florence Mayor Steve Holt officially confirmed that the city’s email system was hacked. Although he did not initially acknowledge that it was a ransomware attack, he confirmed through the KrebsOnSecurity report that DoppelPaymer was behind the attack on June 9.

The mayor also confirmed that the hackers initially demanded 39 BTC (USD 378,000). With the help of an external security company, they managed to reduce the price to 30 BTC (USD 291,000), with the warning that if they do not pay this amount in full, the hackers will filter the data.

The latest victim of a ransomware attack is a NASA contractor

Speaking to Cointelegraph, Brett Callow, a threat analyst at the Emsisoft malware lab, said:

„Despite being warned that her network had been compromised, Florence was affected by ransomware due to the inadequacy of her response to the initial incident. Organizations cannot afford to be complacent when it comes to remedying incidents. A complete network rebuild is the only sure way to ensure that an incident like this does not become a ransomware event where data is encrypted and possibly leaked.

Hackers often target city IT infrastructures

Callow says the ransomware group has bragged about many other victims, including the City of Torrance, Visser Precision and Kimchuk.

Hacker sells information on tens of thousands of Ledger, Tezor and Keepkey users
DoppelPaymer is known to be one of the ransomware that asks for the most money in its attacks, mainly against companies and government offices.

Alex Holden, director of information security at Hold Security, told Cointelegraph:

„While we monitor many infamous cyber gangs, ransomware is the most preferred attack vector because of the ease of charging, paid for by the victims themselves. In addition, historically, a significant number of victims do not take alerts seriously and often do not follow best practices to end up as victims, regardless of prior notification. In addition, victims are not shy about paying ransom, as this has become a ’norm‘ in our society.

Recently, the criminal group DoppelPaymer succeeded in violating the network of Maryland-based Digital Management Inc. This company provides IT and cyber security services to several Fortune 100 companies and government agencies, such as NASA.