The ransomware crippled some of the city's services, although the officials worked on swift recovery
On Match 30th, the City of Albany, New York, experienced malware attack. According to city Mayor Kathy Sheehan, ransomware managed to enter online systems, which impacted several services, including the issuing of birth, death and marriage certificates. Nevertheless, the Mayor said that the officials worked over the weekend to recuperate from the attack:
The City of Albany has experienced a ransomware cyber attack. We are currently determining the extent of the compromise. We are committed to keeping you informed and will provide updates as they become available.
It was also reported that the city's police department was cut out of the departmental email service, scheduling system, or any other application that runs using an internet connection. Despite that, most of the other services are not impacted and are available to the public, as well as all the employees were expected to come to work during normal hours on Monday. The police work is also not affected by the incident.
It is currently believed that no personal information of Albany City's employees or its citizens was compromised in the attack.
Incident is currently investigated
There are not many details published about the attack itself, i.e., how the malware got into the system, the name of the threat, as well as if the ransom demand was paid to cybercriminals. Nevertheless, the fact that the city is working on restoring its systems most likely means that the request by the malicious actors was not fulfilled.
Mayor said that the ransomware attack was flagged by security software on Saturday, although she does not give any specifics on how the virus got onto the system. Judging by previous ransomware attacks, it is most likely that a phishing email was opened, although Remote Desktop Protocols are also being actively exploited by hackers when attacking high-profile targets.
People are offered to directly contact the city officials for services that were impacted by the ransomware
In the official press release, the City of Albany explained about the new arrangements about the services that were impacted:
City officials have worked throughout the weekend responding to this incident. All City employees will report to work during normal business hours on Monday, and City buildings will be open to the public at 12:00 p.m. City Court services will operate during normal business hours.
Those who are seeking copies of Birth Certificates, Death Certificates, or Marriage Certificates should visit New York State Vital Records Customer Service Lobby, while those requesting marriage licenses are directed to City/Town Clerk’s Offices. Additionally, the city is also prompting people to visit neighboring municipalities – Colonie and Troy during the time of limited service.
Major ransomware attacks are nothing new – several other cities were previously compromised
Ransomware works on a money extortion principle – it locks up data with predetermined file extensions and then demands ransom for the decryption tool. Malware developers usually focused on the high-scale-low-revenue-form-each-victim scheme. Nevertheless, users' files are often not as important as the ones of high profile companies, as well as those stored on cities' systems. For that reason, regular users rarely paid the demanded ransom, resulting in low efficiency of the business model.
Therefore, hackers started large scale attacks, targeting governmental institutions, industry giants and even cities. Such threats like SamSam, Ryuk, and the most recent, LockerGoga, are known to for its tremendous impact on hackers' targets.
Possibly the most notorious case occurred last year in March when SamSam encrypted files of Atlanta city and demanded $51k ransom. While the payment was not transferred, the city spending over $2.7 million for recovery procedures, which later increased to $9.5 million. It is yet unknown what price tag will be put on Albany city attack, however.