[ad_1]
In a press conference Monday, Mayor Carter said that the group has a history of committing attacks similar to the one that targeted the city of St. Paul.
ST PAUL, Minn. — St. Paul Mayor Melvin Carter said the group behind the ransomware attack targeting the city’s internal systems allegedly stole about 43 gigabytes of data, primarily from the parks and recreation department.
In a press conference Monday evening, Carter said that the group has a history of committing attacks similar to the one that targeted the city of St. Paul, and in previous instances, the group sold thousands of gigabytes from a single victim.
Carter went on to explain that the files that were posted appeared to be from a single shared network drive, and added that it didn’t include “core city systems” such as payroll, permitting or licensing.
“The contents are varied and unsystematic,” Carter said. “They could include anything from work documents, copies of IDs submitted for HR or for travel, or even personal items like recipes.”
The attack occurred more than two weeks ago, which prompted city officials to proactively shut down its network. Gov. Tim Walz later issued an executive order to activate the Minnesota National Guard and the city declared a state of emergency due to the “magnitude and complexity.”
During Monday’s press conference, Carter said the group has previously demanded ransoms in other cases, and then sold the data for profit. After Carter said the city refused to pay the ransom, the group posted the data publicly.
“While the scope of what they published against us is far smaller than what they’ve accomplished elsewhere, the fact remains someone was inside our systems, and once that happens, there’s no way to guarantee that they could not have accessed more.”
Carter went on to say that he is offering credit monitoring and identity theft protection insurance for all city employees, at no cost, for the next 12 months, whether their data was breached or not. Carter refused to name the group behind the attack, saying, “I don’t deem them worthy of me saying their name,” but said they are from the dark web.
In response to the attack, the city launched Operation Secure Saint Paul. Over the next few days, about 3,500 city employees will be required to do an in-person password reset and device security check. A city spokesperson said more than 2,000 employees had completed the process.
“After our reset and our device security that has been pushed out to all of our devices, we’re going to start reopening our system,” Director Jaime Wascalus of the Office of Community and Technology said Sunday. “So our systems are sitting there ready for us to start opening. This is going to be a very slow and cautious reopening.”
The city is reassuring citizens that, beyond there being no evidence any data was taken, the majority of resident information collected by the city is stored on cloud-based applications, which were not impacted by the ransomware attack.
“We have some employment data for employees who work here, but for the most part, the vast majority of city residents… the city doesn’t have your Social Security number. It doesn’t necessarily have sensitive data that could be breached or could be shared,” Carter said.
Emergency services have been operating, as usual, while libraries, parks and recreation centers remain open, but the WiFi is still down.
According to the city, the FBI is leading a criminal investigation parallel to its response.
“The message is be vigilant, be careful. Somebody asked me recently, is this something that I think governments need to be worried about moving forward? And the answer is yes. But much larger than that, this is something that we all need to be concerned about moving forward,” Carter said. “There are so many different ways that these threat actors work to try to get into our organizations and into our personal lives, to try to make contact and try to find any way to… get a toehold in so that they can commit crimes online.”
[ad_2]
