Last week, hackers stole data from Delaware County, Pennsylvania and asked for a $500,000 ransom. New reports claim the county has buckled and will use its insurance coverage to pay the fee and restore the data.
The cyber attack led to the county taking parts of its network offline when it discovered the compromise.
"The County of Delaware recently discovered a disruption to portions of its computer network. We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems," said the county.
The county added that the Bureau of Elections and the County's Emergency Services Department were not impacted and were on separate computer networks from The County of Delaware.
“There is no evidence they were impacted by the disruption,” it added. “The County is working to resolve this issue as quickly as possible and will provide updates when they are available. Thank you for your patience as we work to restore the functionality of our systems.”
It is thought that the IP address for the Delaware County attack is tied to the Netherlands, but the attack could have originated elsewhere.
Chad Anderson, senior security researcher at DomainTools, told IT Pro that ransomware authors have increasingly gone after the double extortion attacks for the simple reason that this further encourages their victims to pay.
“When sitting on a treasure trove of sensitive personal information, attackers know that the looming threat of exposing it on hacking forums gives them more leverage to instigate a payment. This all comes of course with an increasing number of businesses paying, further incentivizing attackers to use this extra leverage,” he said.
Anderson added that governmental bodies and public entities are particularly attractive targets for cyber-crime gangs and nation-state actors because of the financially lucrative or politically sensitive information they hold.
“Government minsters, civil servants and anyone else involved in the process of government need to be especially vigilant to phishing emails – which remain the most popular entry vector for ransomware - and the security measures in place need to be the most stringent available, including user training on the risks and tell-tale signs of a phishing attack and email filtration systems,” said Anderson.
-
HSBC partners with Mistral to fuel bank-wide generative AI adoptionNews The multi-year, strategic partnership will focus on transforming a range of services and tasks from customer-facing to fraud detection and more
-
Google drops cloud complaint against MicrosoftNews Anticompetitive concerns aren't gone, but Google is leaving the battle to the EC instead
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
