Lowell City Government Held to Ransom
Tuesday, 16 May 2023
The city of Lowell, Massachusetts has had sensitive government information published on the dark web, with threats that even more data is yet to be released unless the city pays a ransom to hackers. Upon discovering that hackers had infiltrated internal Lowell government systems, the city disconnected phones and removed computers from city offices. Staff were forced to switch to laptops that had been earmarked for working remotely during COVID-19.
"This is a well-known group who usually does carry through with threats," says Brett Callow, a threat analyst for Nelson-based anti-malware company Emsisoft. "I have no particular reason to doubt their claims. These are criminal enterprises." On Thursday, Callow tweeted that the organisation called "Play" had published five gigabytes of data it claims to have seized from Lowell. It isn't known how much additional data Play were able to exfiltrate.
#Play has released 5 GB of what it claims is the unspecified volume of data stolen from the City of Lowell. #ransomware
— Brett Callow (@BrettCallow) May 11, 2023
Allan Liska, a ransomware researcher at Recorded Future, looked at the data provided by Lowell and said it "looks like other legitimate data that has been stolen from cities before. It's unlikely that it's faked." The hackers are believed to be Russian speakers, and Liska doesn't believe that they would have the English fluency to be able to fabricate the data.
Mirán Fernandez, Lowell's chief information officer, appeared before the City Council on Tuesday to provide some details about efforts to recover from the attack. Fernandez stated that the city experienced a "cyber-related event", though declined to provide additional details due to the ongoing nature of investigations. The matter has been referred to the FBI.
Following the breach, Fernandez claimed the city would be completely wiping affected computer systems, and rebuilding them from the ground up with new security measures, including multifactor authentication - something that was not previously present on all Lowell government systems. Employees will be required to undergo cybersecurity training if they are to gain access to the new computers.
"This was the biggest reboot in the city's history. We had to unplug, turn everything off. Because of the nature of how we had to collect all the devices and had to assume that everything was just questionable, we basically had to wipe all the machines and anyone who had data on their desktops did lose it," Fernandez said.
Earlier this month, officials in San Bernardino, California paid a ransom of $1.1 million to a hacker who had infiltrated a computer network used by the county sheriff. Also this month, a ransomware attack crippled systems in Dallas, including the computer-assisted dispatch for 911.