Cyber criminals appear to have used two different Windows ransomware packages — DoppelPaymer and NetWalker — to attack the City of Knoxville in Tennessee and Trinity Metro, a regional transportation authority of the state of Texas, and, in a familiar ploy, released screenshots of documents stolen from the two organisations.
The City of Knoxville is the largest in the East Tennessee region. Its website appears to be down at the moment, so there is no way of seeking any comment from the body.
Trinity Metro is not an agency or department of any of its member cities. It provides eight million passenger trips annually on buses, TEXRail, ZIPZONE services, ACCESS paratransit, vanpools and Trinity Railway Express.
TEXRail, which operates between Fort Worth and Dallas Fort Worth International Airport’s Terminal B, is owned and operated by Trinity Metro. TRE, which runs between Fort Worth and Dallas, is jointly owned and operated by Trinity Metro and DART.
The governing body is an 11-member board of directors with eight appointed by the Fort Worth City Council and three by Tarrant County Commissioners Court.
The Metro’s contact form does not seem to be working at the moment.
Both DoppelPaymer and NetWalker employ similar tactics: they exfiltrate data before encrypting documents and issuing ransom demands.
And if these are not met within a stipulated period, then the slow release of files begins as a pressure tactic.
In the case of Trinity Metro, the attackers have placed a deadline of 11 July before they publish the firm’s data online.
In the City of Knoxville case, a large list of files has been released and more are said to be in the pipeline. The attackers have also listed the machines that were attacked, most of which run various versions of Windows Server dating from the 2008 version onwards.
Contacted for comment, Brett Callow, a regular iTWire commentator on ransomware attacks, said: “Audits and studies have repeatedly shown that US local governments practice cyber security poorly, which is why at least 113 of them were affected by ransomware last year.”
Callow, who works as a threat analyst for the New Zealand-headquartered security shop Emsisoft, added: “This needs to change. If it does not, state and municipal entities will continue to be hit by ransomware and their data — and their residents’ data — will continue to be stolen and published.
“But, alas, it seems that governments still haven’t upped their security game. So far this year, at least 56 have been hit, so it appears the 2020 numbers will be very similar to those of 2019.”