The City of Modesto is allegedly the latest victim of the Snatch ransomware group. While there is currently no sample data available to confirm the authenticity of the threat, the City of Modesto cyber attack highlights the continued vulnerability of public services.
Oakland City, California, faced a similar threat recently when the Play ransomware group released 10 GB of stolen data. The data reportedly included confidential information such as police assignments, lawsuit settlement agreements, and social security numbers.
Who is the Snatch ransomware gang?
The Snatch ransomware gang is one of the stealthiest and most dangerous ransomware groups. What makes it so insidious is that it uses tools already built into Windows to carry out its malicious activities.
Moreover, it can avoid detection by forcing infected computers to reboot into Safe Mode, where endpoint protection mechanisms are not always active.
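The Safe Mode behaviour described above can be hunted for in endpoint telemetry. The following is an added example, not part of the original article: it correlates a Safe Mode boot configuration change with a reboot on the same host. The event format, host names and the ExampleSvc service name are constructed, and the article does not say how Snatch triggers the reboot; bcdedit's safeboot setting and the SafeBoot registry key are the standard Windows mechanisms assumed here.

```python
import re
from collections import defaultdict

# Detection rules: (event type, pattern). Assumed indicators, not from the article.
RULES = {
    # Boot configuration changed so the next start is in Safe Mode
    "safeboot_bcd_change": ("process", re.compile(r"\bbcdedit(\.exe)?\b.*/set\b.*\bsafeboot\b", re.I)),
    # A service or driver registered to load while in Safe Mode
    "safeboot_key_write": ("registry", re.compile(r"\\Control\\SafeBoot\\(Minimal|Network)\\", re.I)),
    # Restart requested from the command line
    "reboot": ("process", re.compile(r"\bshutdown(\.exe)?\b.*\s/r\b", re.I)),
}

# Constructed sample events, in time order (process command lines and registry writes)
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "process", "data": r"bcdedit.exe /set {current} safeboot minimal"},
    {"host": "ws-01", "type": "registry",
     "data": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc"},
    {"host": "ws-01", "type": "process", "data": "shutdown.exe /r /f /t 00"},
    {"host": "ws-02", "type": "process", "data": "bcdedit.exe /enum"},
    {"host": "ws-03", "type": "process", "data": "shutdown.exe /r /t 60"},
    {"host": "ws-04", "type": "process", "data": r"bcdedit /set {default} safeboot network"},
]

def triage(events):
    """Return {host: (severity, [rule names in order first seen])}."""
    hits = defaultdict(list)
    for ev in events:
        for name, (etype, pattern) in RULES.items():
            if ev["type"] == etype and pattern.search(ev["data"]):
                if name not in hits[ev["host"]]:
                    hits[ev["host"]].append(name)
    report = {}
    for host, names in hits.items():
        safeboot = [n for n in names if n.startswith("safeboot")]
        if not safeboot:
            continue  # a reboot on its own is routine and is not reported
        rebooted_after = ("reboot" in names
                          and names.index("reboot") > names.index(safeboot[0]))
        report[host] = ("high" if rebooted_after else "medium", names)
    return report

if __name__ == "__main__":
    for host, (severity, names) in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {severity} ({', '.join(names)})")
```

A "high" result means the host was set to boot into Safe Mode and then restarted, which is the window in which endpoint protection may not be running.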
The Snatch ransomware group is particularly nefarious because it uses a double extortion method. Its payload includes ransomware and a data stealer component. This means that in addition to encrypting a victim’s files, the operators can steal sensitive data and threaten to release it if their demands are not met.
To gain access to their targets, the Snatch ransomware operators use various methods.
One common technique is automated brute-force attacks against vulnerable applications in the target organizations. They also have a network of affiliate partners who help them gain initial access to corporate networks, making it even harder for companies to defend themselves against these attacks.
City of Modesto cyber attack: Ransomware gang vs other cities
Other than the City of Modesto cyber attack, the gang has continued to target several other cities.
The City of Toronto fell prey to the GoAnywhere MFT data breach, where cybercriminals exploited zero-day vulnerabilities to gain unauthorized access to the system. The city failed to negotiate with the attackers, resulting in the exploitation of 300GB of sensitive data, which was later made public as a warning to other organizations.
In a tweet, cybersecurity researcher Brett Callow called the City of Toronto unlucky. “The City of Toronto has been unlucky when it comes to file transfer. First, it was breached via its Accellion FTA, and now it’s been breached via its Fortra GoAnywhere.”
Another incident is that of the City of Lakewood in Washington, which suffered a ransomware attack by the ALPHV group. Despite negotiations, the group, which claimed to have stolen 300GB of sensitive data from the city council, made the data public on a website.
The City of Tucson in Arizona was also not immune to this trend, as it suffered a data breach that impacted the personal data of 123,513 individuals.
While the city hired third-party forensic specialists to investigate the breach, it was later determined that the personal data of the affected individuals had been exposed.
These incidents underscore the growing threat ransomware attacks pose to government organizations and public services. The financial impact of such attacks can be significant, not to mention the potential damage to public trust and confidence in the ability of these services to protect sensitive data.
To mitigate the risks of such attacks, public services must take proactive measures to strengthen their cybersecurity posture. This includes regular security assessments and testing, implementing security protocols, and providing employee training to increase awareness of potential threats.
Moreover, public services must be prepared to respond swiftly and effectively during an attack. This includes having incident response plans in place, regularly reviewing and updating them, and ensuring they are communicated to all relevant stakeholders.
In conclusion, the rise of ransomware attacks on government organizations and public services is a significant concern that requires urgent attention. By taking proactive measures to strengthen their cybersecurity posture and implementing effective incident response plans, public services can help mitigate the risks of such attacks and protect sensitive data.