Last weekend the New York government announced that the city suffered a ransomware attack that managed to compromise some government administrative systems, reported ethical hacking training specialists from the International Institute of Cyber Security (IICS).
The attack focused almost exclusively on the Albany area, capital of New York, and affected the regular functioning of some of the city’s systems, of which some continue to be unable to normally operate. For now, people who wish to obtain copies of their birth certificates, marriages, licenses, among others, must wait for the restoration of the affected systems or to go to alternative locations in other cities.
“The City of Albany has become the most recent victim of a ransomware attack; we are conducting the relevant investigations to determine the full scope and impact of the incident”, said Kathy Sheedan, mayor of Albany. Sheedan clarified that the rest of the local systems and services operate normally.
According to the ethical hacking training specialists, the initial scope of the ransomware attack is still unknown, although the authorities already have some indications to determine the magnitude.
Representatives of the Albany police officers union trade recently stated that they do not currently have access to some of the local police systems, such as scheduling systems, corporate email or any system that requires Internet connection for its operation. Some officers even claimed that the ransomware has affected the computer systems installed in the patrols; these systems are used by police officers to carry incidents records, monitoring, etc.
“Because of this situation, our ability to respond to incidents may be affected, as our work tools are not working at all,” the union representatives said. “A police corporation’s computer systems should be harder to hack,” they concluded.
Ransomware attack campaign operators have shown a growing interest in compromising government systems, said the ethical hacking training specialists. Some specialists believe that the need to keep the government’s administrative systems on line makes it more likely that the authorities will agree to pay for the ransom demanded by the threat actors.
Two Iranian hackers were indicted by the U.S. Department of Justice (DOJ) for the ransomware attack campaign against some companies and institutions of the U.S. government and Canada last November. According to the DOJ, the damage caused by these attacks is estimated at over $30M USD.