[BreachExchange] Presque Isle police await hackers’ next move with stolen data after ransom deadline passes

Destry Winant destry at riskbasedsecurity.com
Tue May 11 10:34:50 EDT 2021


https://bangordailynews.com/2021/04/29/news/aroostook/presque-isle-police-await-hackers-next-move-with-stolen-data-after-ransom-deadline-passes/

PRESQUE ISLE, Maine — The ransom time clock on the Presque Isle Police
Department’s ransomware attack ran out Wednesday at about 9:30 p.m. in a
dramatic red-numbered countdown of minutes and seconds racing toward zero
on the hacker’s dark web site.

But it looks like the unidentified criminals have not yet made their next
move with the site on hold and a message of new updates, “Coming Soon,”
posted since last night.

Following an April 18 hack of the city’s server, the Avaddon
ransomware-related cybergang threatened to begin dumping the Presque Isle
Police Department files on the dark web if police did not pay an
undisclosed ransom.

“The incident was reported to the FBI,” City Manager Martin Puckett said on
Tuesday after confirming there was unauthorized access into the police
department’s server. “We were able to restore from a daily backup.”

But in keeping with standard practice, the FBI declined to comment on the
specific Presque Isle incident.

“Ransomware continues to be a persistent threat. Here in the Boston
Division, which includes all of Maine, we receive at least two to three
reports a week from new victims and we know the actual rate of infection is
much higher than what is reported to us,” FBI Boston Division spokeswoman
Kristen M. Setera said on Thursday afternoon. “According to the FBI’s
Internet Crime Complaint Center, in 2020, seven victims in Maine reported
suffering ransomware attacks resulting in approximately $95,178 in losses.”


[Photo caption: The Presque Isle Police Department was hit with a ransomware
attack on April 18 and the unidentified cyber criminals threatened to dump
all police data if the ransom was not paid by the April 28, 2021 deadline.
Credit: Screenshot]

Puckett declined to comment on whether the city is considering paying the
ransom, but Setera said the FBI tells ransomware victims to not pay a
hacker’s ransom demand because it encourages continued criminal activity.
There also is no guarantee the hacker will decrypt a victim’s files, and
affected files can sometimes become corrupted from encryption, making them
unrecoverable.

Two years ago, Augusta’s city server was hit with a ransomware attack. City
officials chose to not pay the $100,000 ransom and instead, the city
rebuilt its system.

In a more recent twist, cybercriminals are using what experts call double
extortion schemes: they not only hold the data hostage but also threaten,
after a specified time, to dump all the stolen files onto a dark web site
for anyone with access to read.


In the Presque Isle incident, the Avaddon-related gang said that when the
police department’s 10 days to pay were up, it would start dumping
confidential documents. So far, the only documents on the Avaddon site are
the police records posted since the initial threat which include victim
statements, domestic violence incident reports, victim’s personal
information, information on gun purchases, other police reports and
business documents.

Nearly 11,000 had viewed the posted information by Thursday afternoon.

For an unknown reason, Presque Isle Police Department and the Washington,
D.C., Metropolitan Police Department were both hit by this ransomware
attack. Cybercriminal group Babuk claimed responsibility for the
Washington, D.C., attack.


Ransomware is frequently delivered through phishing emails that contain
malicious attachments or links to malicious websites. Once the victim’s
device is infected with ransomware, the files become encrypted and they are
no longer able to access their own data. The criminal then demands the
payment of a ransom to get the files returned.

The FBI offered some protection tips:

— Use the most current and patched version of your operating system; use
the most current and patched version of your applications, such as your
email software, web browser, PDF viewer and word processor; keep your
preferred anti-malware service up to date; and do not open documents or
click on links sent from an untrusted source over the internet.

— Victims infected with ransomware are usually also infected with other
types of malware that remain hidden on their system even if the victim
decides to pay the ransom. The FBI recommends that instead of paying a
hacker’s ransom, victims perform a full remediation of any infected systems
to include wiping their computers and restoring them from offline backups.

— If you receive a ransomware popup or message on your device alerting you
to an infection, immediately disconnect from the internet to avoid any
additional infections or data losses. Contact your local FBI Field Office
for assistance and file a detailed complaint with the Internet Crime
Complaint Center (IC3) at ic3.gov.
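The second and third tips above rest on having a backup you can trust before you restore from it, since a backup that was itself reachable from the infected host may already contain encrypted files or a dropped ransom note. The script below is an added example, not code from the article or from the FBI: it assumes the backup is a directory tree with a SHA-256 manifest (here named MANIFEST.sha256, a name chosen for this example) written at backup time, and the files and the simulated tampering in demo() are constructed for illustration.

```python
"""Verify a backup set against a stored SHA-256 manifest before restoring it.

Added example (not from the article or the FBI). Assumes the backup is a
directory tree plus a manifest 'MANIFEST.sha256' written when the backup was
taken, one 'hexdigest  relative/path' line per file. All sample files and the
simulated tampering in demo() are constructed for this demo.
"""
import hashlib
import os
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256"  # assumed name, chosen for this example


def sha256_file(path: Path) -> str:
    """Stream-hash a file so large backup archives do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(root: Path) -> Path:
    """Hash every regular file under root and record it; run this when the backup is taken."""
    lines = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.name != MANIFEST_NAME:
            lines.append(f"{sha256_file(p)}  {p.relative_to(root).as_posix()}")
    manifest = root / MANIFEST_NAME
    manifest.write_text("\n".join(lines) + "\n")
    return manifest


def verify_backup(root: Path) -> dict:
    """Compare the tree with its manifest.

    Returns {'ok', 'modified', 'missing', 'unexpected'}: files whose content
    changed (e.g. encrypted in place), files that vanished, and files that were
    not present at backup time (e.g. a ransom note).
    """
    expected = {}
    for line in (root / MANIFEST_NAME).read_text().splitlines():
        if line.strip():
            digest, rel = line.split("  ", 1)
            expected[rel] = digest
    modified, missing = [], []
    for rel, digest in expected.items():
        p = root / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != digest:
            modified.append(rel)
    present = {p.relative_to(root).as_posix()
               for p in root.rglob("*") if p.is_file() and p.name != MANIFEST_NAME}
    unexpected = sorted(present - set(expected))
    ok = not (modified or missing or unexpected)
    return {"ok": ok, "modified": sorted(modified),
            "missing": sorted(missing), "unexpected": unexpected}


def demo() -> tuple:
    """Build a constructed backup, verify it clean, then simulate ransomware
    damage (one file overwritten with random bytes, a ransom note dropped in)
    and verify again. Returns (clean_result, tampered_result)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "reports").mkdir()
        (root / "reports" / "incident_0001.txt").write_text("constructed sample report\n")
        (root / "roster.csv").write_text("name,badge\nsample,0\n")
        write_manifest(root)
        clean = verify_backup(root)
        (root / "roster.csv").write_bytes(os.urandom(64))            # encrypted in place
        (root / "README_TO_RESTORE.txt").write_text("constructed ransom note\n")
        tampered = verify_backup(root)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean backup:   ", clean)
    print("tampered backup:", tampered)
```

The manifest only helps if it is stored with the offline copy and never writable from the production network; a verify step that reports any modified or unexpected file should block the restore and send the team back to an older backup set.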