City officials have confirmed that the Azusa Police Department paid $65,000 in ransom through the agency’s cybersecurity insurance carrier to regain control of its servers in 2018.
Authorities also admitted that city residents were never informed about the breach.
The acknowledgement comes as a recent ransomware attack leaked sensitive records of the police department online.
City officials said that an unknown hacker organization seized control of 10 of the agency’s servers two years ago, prompting it to pay the ransom through its insurance provider.
“We were able to unlock one server after the ransom was paid, but immediately after found a free key to unlock all other locked servers,” Sergio Gonzalez, Azusa city manager, told the San Gabriel Valley Tribune. “We verified with forensic experts that no data was compromised. That’s essentially why we did not and were not required to report it [publicly].”
The 2018 attack was reportedly traced to an email attachment opened by a police employee, which launched the ransomware that encrypted the servers.
Cyber forensic experts cleaned and restored the servers before putting them back online, and city employees were given cybersecurity training. These measures, however, did not prevent another breach.
The police department discovered a second intrusion on March 9 and reported it publicly on May 27.
Authorities said a ransomware gang called DoppelPaymer was behind the attack. The group demanded 15.5 bitcoin, or about $800,000, and threatened to leak sensitive information if the ransom was not paid.
The city’s insurance provider refused to pay, citing a recent US Treasury Department advisory warning that ransom payments to groups designated as “malicious cyber actors” could expose the payer to sanctions.
This prompted DoppelPaymer to post hacked police data, including evidence reports, jail records, and payroll information, on its website. The index page had gathered almost 12,000 views as of Friday.
Officials said that social security, driver’s license, passport, and state identification card numbers, along with financial and health insurance information, might also have been compromised due to the hack.
“These types of attacks are becoming more and more common and, to a certain extent, much more sophisticated,” Gonzalez said. “We are again working to ensure we have the best cyber defense. We have also brought in additional resources by contracting with cybersecurity experts to rebuild our entire system from top to bottom, including upgraded servers, software and anti-virus programs and a more robust backup system.”