[ad_1]
LOWELL — Russian hacker Dmitry Khoroshev, also known by his online handle as LockBitSupp, allegedly posted Lowell’s municipal data from last year’s cyberattack on a secure channel in April, just days before he was charged by the U.S. Department of Justice with 26 counts for his role in developing and distributing LockBit ransomware.
This latest alleged disclosure, more than a year after Lowell’s cybersecurity breach, shows that the city’s data is still making the rounds, said Brett Callow, a threat analyst with Emsisoft, an anti-malware and cybersecurity software and consulting company.
“Data purportedly belonging to the City – and presumably stolen during the same attack – is being shared in a Telegram channel by somebody using the name ‘LockBitSupp’, which is the name of the Russian hacker who was recently de-anonymized and sanctioned by law enforcement,” Callow said by email on Tuesday.
A group called Play claimed responsibility for the April 2023 cyberattack on the city’s municipal network, which knocked out phones, email, financial, human resources and asset management and revenue systems, as well as other ancillary services like dog, business and marriage licenses, offline.
It also disabled the computer-aided dispatch system in Lowell Police Department cruisers. Officers use the CAD system to write accident, incident and arrest reports from their cruisers, and that operational capacity remained disabled until this month.
Play published 5 gigabytes of data from the hack and locked the city out of its own network. It posted the stolen data to the dark web. The cybercriminal group threatened a full data dump if the city did not pay an undisclosed ransom. Reportedly, the city did not pay the ransom.
Previously, City Manager Tom Golden said the city was working with its partners in federal and state law enforcement to address the cyberattack.
Documents given to The Sun last May appeared to show that the data allegedly stolen from the April 24 hack includes personal and personnel data such as confidential medical billing records and even employee disciplinary cases.
The documents were redacted by the Sun’s source to remove identifying factors such as name, but the information provided a startling glimpse of what private information may now be available to cyber criminals and others on the dark web.
The dark web is a part of the internet that isn’t indexed by mainstream search engines and requires special browsers like Tor, permissions, software and system configurations to access. It is used to keep internet activity anonymous and is fertile ground for illegal or criminal enterprises like Play and Khoroshev.
Khoroshev’s indictment reflects law enforcement’s increased actions against cybercriminals involved in ransomware attacks, said FBI Director Christopher Wray.
“Today’s indictment of LockBit developer and operator Dimitry Yuryevich Khoroshev continues the FBI’s ongoing disruption of the LockBit criminal ecosystem,” Wray said during a press conference on May 7. “The LockBit ransomware group represented one of the most prolific ransomware variants across the globe, causing billions of dollars in losses and wreaking havoc on critical infrastructure, including schools and hospitals. The charges announced today reflect the FBI’s unyielding commitment to disrupting ransomware organizations and holding the perpetrators accountable.”
Since its inception in 2019 until the present, LockBit targeted more than 2,000 victims and stole more than $100 million in ransomware payments.
In addition to cleaning up the extensive fallout of the 2023 hack, Chief Information Officer Mirán Fernandez proposed a reorganization of the Management Information Systems department to properly manage the city’s cybersecurity profile.
“A properly re-aligned and consolidate technology organization will increase the delivery of technology services/ support, increase our operational flexibility and continuity, ensure technology decisions are consistent with best practices and secured properly, provide a unified and strategic technology roadmap, and return significant dividends on the taxpayer’s technology investments,” Mirán said in a memo to the City Council dated March 1.
The last public update from MIS on the city’s cyberattack was posted in June 2023, and all updates have been removed from the city’s website, but previous updates to the City Council documented the department’s efforts to rebuild servers and networks, install new equipment, create secure user access portals and train employees in cybersecurity.
Additionally, both then-Superintendent of Schools Joel Boyd and Golden allocated more than $1 million combined funding from their respective budgets to purchase LifeLock protection for all current city and school employees impacted by the cyber breach.
LifeLock is identity theft protection software, that, according to the company’s website, “monitors for identity theft, the use of personal information, and credit score changes.”
The Department of State also announced a reward of up to $15 million for information that leads to the apprehension of Khoroshev. Details on protecting networks against LockBit and other forms of ransomware are available at StopRansomware.gov.
[ad_2]