[BreachExchange] FBI investigating crippling cyberattack on city of Geneva computer systems

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Jul 20 10:53:17 EDT 2021


https://www.wkyc.com/article/news/local/ashtabula-county/fbi-investigating-crippling-cyberattack-city-of-geneva-computer-systems/95-897dc6ed-ff4d-4609-b9d8-87ec7313ccff

As the Biden administration on Monday accused China of playing a role in
ransomware attacks on U.S. businesses, word came of a crippling cyberattack
on the city of Geneva.

In a statement to 3News, city manager Joe Varckette explained that early
Friday morning, the city discovered an online breach into the city's
website and online data systems. City leaders and the information
technology department immediately began assessing the city departments that
could have been exposed.

On Monday morning, city officials contacted the FBI and the Department of
Homeland Security Cybersecurity and Infrastructure Security Agency to
report the cyber intrusion.

The city in the heart of Ohio's wine country has a population of about
6,200, according to the 2010 Census. Its small profile would seem to make
it an unexpected target of a cyberattack.

"It just happens to be that hackers saw a vulnerable system, and went after
it," said Alex Hamerstone, Advisory Solutions Director at TrustedSec, a
cybersecurity firm headquartered in Strongsville. He said sometimes targets
are well-known, "or because they're known to have a lot of money. But a lot
of times, hackers don't even see whose system it is -- they just see
vulnerable systems as they're out there scanning the internet," he
explained.

While Geneva's data systems were breached, city officials say emergency
services were not disrupted.

The city would not confirm whether it received a ransom from hackers, but
websites tracking hacker activity posted claims by AvosLocker, which took
credit for the attack. Hamerstone described AvosLocker as a newer
ransomware gang that has recently emerged.

The claims, which have not been verified by city officials or the FBI,
described having presented a small sample of citizens' Social Security and
credit card numbers as proof of data that it exfiltrated, and threatened to
release more data if the city did not negotiate.

"That is absolutely an extremely common M.O.," said Hamerstone, who
cautioned cyberattack victims against responding to ransomware hackers. "The
fact of the matter is, there are no assurances that you're going to get
your data back. And especially in cases in which they are threatening to
release data, there's really no assurance that they've destroyed it or kept
it," he said.

In 2019, the city of Cleveland faced a ransomware attack that crippled
computer systems at Hopkins Airport. At the time, FBI agent Bryan Smith,
who leads the Cleveland division's cyber investigations team, said, "It's
the FBI's position and policy that we recommend entities not pay ransom
because you're only reinforcing bad behavior by the actors."

Cleveland city officials said they did not respond to the ransom; however,
repairs to restore its data systems cost the city $750,000.

Geneva city officials are still assessing how much, if any, of its
citizens' sensitive information was breached. But they said out of an
abundance of caution, anyone who interacted with the city in any way, in
which personally identifiable information was shared, whether online,
in-person or on paper prior to July 16, 2021, is being asked to take
monitoring precautions.

Residents are asked to:

   - Monitor financial accounts and credit reports
   - Get with credit/debit card companies to issue a fraud alert
   - Change passwords to personal accounts
   - Take additional authentication measures in all personal accounts and
   applications