Another day, another cyber attack on a government-owned system, and the trend has become very alarming. This time, ransomware hit the servers of Albany, New York’s capital, on March 30.
The extent of the damage caused by the ransomware is still unknown, and officials have been working over the weekend to respond to the incident appropriately. According to a press release available on the city's official site, all city services will be open to the public except those for birth certificates, death certificates, and marriage certificates.
The city also said that all employees are to report during regular business hours and that operations, except those identified above, will be available as usual.
“All City employees will report to work during normal business hours on Monday, and City buildings will be open to the public at noon. City Court services will operate during normal business hours,” the city announced in a press release on its official website.
Albany Mayor Kathy Sheehan said that the city's IT experts and the rest of the response team are determining the exact extent of the damage and will update the public on any developments as soon as they become available. She tweeted:
“The City of Albany has experienced a ransomware cyber attack. We are currently determining the extent of the compromise. We are committed to keeping you informed and will provide updates as they become available.”
A press conference is scheduled for Monday, April 1st, at 12:30 PM at Albany City Hall to provide updates on the investigation into the cyber attack that infiltrated the city’s computer systems. The press conference will also provide information on the availability of the services that are temporarily on hold, said Mayor Sheehan.
A wave of ransomware attacks has been hitting corporate and government systems around the world in recent weeks. Norsk Hydro, one of the biggest aluminum producers worldwide, was previously forced to shut down a part of its manual operations because of a cyber attack that targeted its computer systems and internal servers. An investigation into the incident concluded that LockerGoga ransomware had attacked the company.
Furthermore, just last week, the parking garage computer system of the Canadian Internet Registration Authority (CIRA), a non-profit organization that manages the .ca country code top-level domain (ccTLD) and represents Canadian domains internationally, was infiltrated by a ransomware attack that allowed employees (and practically anyone) to use a parking space for free.
The attack, which happened last Tuesday, persisted into the next day, when the computer systems also allowed entry to CIRA employees without verification of access cards.
According to the experts who investigated the incident, the attack was carried out using a strain from the Dharma ransomware family.
Repairs to the parking system continued until Wednesday evening, which allowed anyone to park at TD Place Stadium for free. An investigation revealed that the files in the organization’s systems were not backed up, which contributed to the slow response to the incident.
The parking lot for CIRA is operated by a private company named Precise ParkLink, so the attack was confined to its system. According to a blog post by CIRA’s communication manager Spencer Callaghan, the non-profit has no knowledge of the cyber security measures of the parking company but noted that many businesses do not take necessary cyber precautions like installing anti-malware solutions and having a formal patching policy.
“Hackers are starting to exploit those gaps at companies of all sizes and industries. The problem is no longer exclusive to large corporations or data-rich organizations. The tools hackers use are cheap, easy to find, and simple to use, which makes hacking for fun or profit easier than ever,” said Callaghan.
Dharma ransomware is typically installed manually on systems that have Remote Desktop Services exposed to the internet. Attackers scan the web looking for computers running RDP and try to brute-force their way into the system. If this method was used in the CIRA attack, it is possible that it was not a targeted cyber attack and that the hackers simply infected vulnerable computers they discovered by scanning the internet.
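A defender-side illustration of the pattern described above, added here and not taken from CIRA, Precise ParkLink or any vendor: it scans Windows logon records for a burst of failed remote logons from one source and escalates if that source then logs in successfully. The records, IP addresses, account names, thresholds and function names are constructed for the example; event IDs 4624/4625 and logon types 3 and 10 are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: timestamp, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); type 3 is how RDP attempts appear when NLA is on.
SAMPLE_EVENTS = """\
2024-01-15T02:10:01,4625,3,203.0.113.7,administrator
2024-01-15T02:10:04,4625,3,203.0.113.7,admin
2024-01-15T02:10:09,4625,3,203.0.113.7,administrator
2024-01-15T02:10:15,4625,3,203.0.113.7,backup
2024-01-15T02:10:21,4625,3,203.0.113.7,administrator
2024-01-15T02:11:02,4624,10,203.0.113.7,administrator
2024-01-15T08:59:40,4625,10,198.51.100.20,jsmith
2024-01-15T09:00:05,4624,10,198.51.100.20,jsmith
2024-01-15T09:00:00,4625,3,192.0.2.50,svc
2024-01-15T09:20:00,4625,3,192.0.2.50,svc
2024-01-15T09:40:00,4625,3,192.0.2.50,svc
2024-01-15T10:00:00,4625,3,192.0.2.50,svc
2024-01-15T10:20:00,4625,3,192.0.2.50,svc
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, eid, ltype, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), int(eid), int(ltype), ip, user

def detect_rdp_bruteforce(text, threshold=5, window_minutes=5):
    """Return {source_ip: verdict} for sources that look like RDP guessing."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # source IP -> failure times inside the window
    alerts = {}
    for ts, eid, ltype, ip, _user in sorted(parse(text)):
        if ltype not in (3, 10):
            continue  # ignore local, service and other non-remote logons
        failures = recent[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()  # slide the window forward
        if eid == 4625:
            failures.append(ts)
            if len(failures) >= threshold:
                alerts.setdefault(ip, "bruteforce")
        elif eid == 4624 and ip in alerts:
            # A success from a source already flagged: treat as likely compromise.
            alerts[ip] = "bruteforce_then_success"
    return alerts

if __name__ == "__main__":
    print(detect_rdp_bruteforce(SAMPLE_EVENTS))
```

The single mistyped password from 198.51.100.20 and the slow, widely spaced failures from 192.0.2.50 stay below the default threshold, which shows why the window and count need tuning against slow guessing.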
As of this writing, no further updates have been made regarding Albany’s cyber attack.