Lake City suffered Triple Threat ransomware attack: systems paralyzed

Ransomware attack on Lake City disables email systems, land-line phones, and similar services

Ransomware affected the functionality of several systems of the Lake City Hall.

Lake City officials have reported about a cyber attack involving the City Hall which was left paralysed and completely disabled from performing payments and similar tasks. The system was affected by the ransomware virus dubbed “Triple Threat”^[1] involving three particular attack methods used to affect the network. As a result, the entire Lake City was completely paralyzed and left without many services.

“Triple Threat” malware got into the system on June 10, 2019. Unfortunately, the investigation is still on-going, so not many details about the particular functionality got revealed.^[2] However, it is already known that government endpoints, administrative email systems, landlines, and credit card payment services got crippled. Fortunately, emergency services like Fire and Police remain unaffected. In his statement, Brian Hawkins, Information Technology Director for the City, has revealed that data of citizens hasn't been affected or leaked:

Our systems are shut down, but there is no evidence to indicate any sensitive data has been compromised. All customer service payment data, such as credit card data, is stored off-site by third party vendors and would not have been accessed by an attack like this on our network.

The City's IT team names the malware as “Triple Threat” due to specific reasons

The ransomware used three attack vectors, so there is no surprise why the name “Triple Threat” appeared in the official report from the Lake City Police Department. According to them, the malware disabled city's networks, but Public Safety system got isolated and protected by the encryption beforehand. This is the reason why Emergency service remains working as supposed to.

Unfortunately, the notorious ransomware made City Hall employees go back to using paper and pencil in various processes.^[3] Administration restored the most critical operations by relying on:

• paper receipts for water and utility payments;
• handwritten building permits.

Although payments for utilities can be made in person at the City Hall, any credit card payments cannot be transferred. The shutdown systems caused numerous delays in payments. However, IT support teams are working hard to recover the network and isolate the system to avoid any data loss. This investigation includes third-party consultant firms and expertise.

No evidence on the leakage of sensitive information

City Information Technology Director, Brian Hawkins, has noted that all the sensitive data, e.g. login credentials, customer service payment data and other credit information is stored off-site, so there is no opportunity that attackers got to that information while attacking this network. After the system got paralyzed, the department started operating using emergency cell phones so that the City Hall can remain open to the public. The data breach hasn't been confirmed because of that fact.^[4]

Since the employees and officials cannot monitor the email network, any information regarding the incident or services will be released via the Lake City Police Department's Facebook page, where the initial notice was posted.

Nevertheless, there are numerous people who are still concerned that attackers got to their personal and sensitive data. People who are having such doubts should monitor their credit card activities to make sure that no suspicious transactions or purchases are made. Additionally, make sure you follow the official updates about the cybersecurity incident. These are the steps that many researchers and victims of such events recommend taking care of.^[5]