City officials will not confirm whether they received a ransom, but a newer ransomware gang claimed to be behind the attack, say cybersecurity experts.
GENEVA, Ohio — As the Biden administration on Monday accused China of playing a role in ransomware attacks on U.S. businesses, word came of a crippling cyberattack on the city of Geneva.
In a statement to 3News, city manager Joe Varckette explained that early Friday morning, the city discovered an online breach of the city’s website and online data systems. City leaders and the information technology department immediately began assessing the city departments that could have been exposed.
On Monday morning, city officials contacted the FBI and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency to report the cyber intrusion.
The city in the heart of Ohio’s wine country has a population of about 6,200, according to the 2010 Census. Its small profile would seem to make it an unexpected target of a cyberattack.
“It just happens to be that hackers saw a vulnerable system, and went after it,” said Alex Hamerstone, Advisory Solutions Director at TrustedSec, a cybersecurity firm headquartered in Strongsville. He said sometimes targets are well-known, “or because they’re known to have a lot of money. But a lot of times, hackers don’t even see whose system it is — they just see vulnerable systems as they’re out there scanning the internet,” he explained.
While Geneva’s data systems were breached, city officials say emergency services were not disrupted.
The city would not confirm whether it received a ransom from hackers, but websites tracking hacker activity posted claims by AvosLocker, which took credit for the attack. Hamerstone described AvosLocker as a newer ransomware gang that has recently emerged.
The claims, which have been verified by neither city officials nor the FBI, say the group presented a small sample of citizens’ Social Security and credit card numbers as proof of the data it exfiltrated, and threatened to release more data if the city did not negotiate.
“That is absolutely an extremely common M.O.,” said Hamerstone, who cautioned cyberattack victims against responding to ransomware hackers. “The fact of the matter is, there are no assurances that you’re going to get your data back. And especially in cases in which they are threatening to release data, there’s really no assurance that they’ve destroyed it or kept it,” he said.
In 2019, the city of Cleveland faced a ransomware attack that crippled computer systems at Hopkins Airport. At the time, FBI agent Bryan Smith, who leads the Cleveland division’s cyber investigations team, said, “It’s the FBI’s position and policy that we recommend entities not pay ransom because you’re only reinforcing bad behavior by the actors.”
Cleveland city officials said they did not respond to the ransom; however, repairs to restore its data systems cost the city $750,000.
Geneva city officials are still assessing how much, if any, of the city’s citizens’ sensitive information was breached. But they said that, out of an abundance of caution, anyone who interacted with the city in any way in which personally identifiable information was shared, whether online, in person or on paper, prior to July 16, 2021, is being asked to take monitoring precautions:
- Monitor financial accounts and credit reports
- Contact credit/debit card companies to issue a fraud alert
- Change passwords to personal accounts
- Take additional authentication measures in all personal accounts and applications