Last weekend the New York government announced that the city suffered a ransomware attack that managed to compromise some government administrative systems, reported ethical hacking training specialists from the International Institute of Cyber Security (IICS).
The attack focused almost exclusively on the Albany
area, capital of New York, and affected the regular functioning of some of the
city’s systems, of which some continue to be unable to normally operate. For
now, people who wish to obtain copies of their birth certificates, marriages,
licenses, among others, must wait for the restoration of the affected systems
or to go to alternative locations in other cities.
“The City of Albany has become the most
recent victim of a ransomware attack; we are conducting the relevant
investigations to determine the full scope and impact of the incident”, said
Kathy Sheedan, mayor of Albany. Sheedan clarified that the rest of the local
systems and services operate normally.
According to the ethical hacking training
specialists, the initial scope of the ransomware attack is still unknown, although
the authorities already have some indications to determine the magnitude.
Representatives of the Albany police officers union
trade recently stated that they do not currently have access to some of the
local police systems, such as scheduling systems, corporate email or any system
that requires Internet connection for its operation. Some officers even claimed
that the ransomware has affected the computer systems installed in the patrols;
these systems are used by police officers to carry incidents records, monitoring,
etc.
“Because of this situation, our ability to
respond to incidents may be affected, as our work tools are not working at
all,” the union representatives said.
“A police corporation’s computer systems should be harder to
hack,” they concluded.
Ransomware attack campaign operators have shown
a growing interest in compromising government systems, said the ethical hacking
training specialists. Some specialists believe that the need to keep the
government’s administrative systems on line makes it more likely that the
authorities will agree to pay for the ransom demanded by the threat actors.
Two Iranian hackers were indicted by the U.S. Department
of Justice (DOJ) for the ransomware attack campaign against some
companies and institutions of the U.S. government and Canada last November.
According to the DOJ, the damage caused by these attacks is estimated at over
$30M USD.
