City’s Ransomware Denials Exposed, Still Faces 100 BTC Demand

A ransomware gang has published personal and financial data from the Californian City of Torrance online — and threatened to reveal 200GB more unless their demands are met.

Calling themselves DoppelPaymer, the ransomware gang has demanded 100 Bitcoin (BTC) — worth around $700,000 — in exchange for not releasing any more files stolen in the March 1 cyberattack. 

The cyberattack erased the City's local backups and encrypted approximately 150 servers and 500 workstations. The release of the data is embarrassing for City officials who claimed that no private data from its 145,000 residents had been compromised in the attack. 

To prove it had, the group set up a site called “Dopple Leaks” with a sample of the hacked files, including city budget financials, accounting, and other documents belonging to the City Manager of Torrance.

The StateScoop website reports it has examined the files and uncovered individuals’ names, dates of birth, Social Security numbers, and other personal identifying information, as well as 181 pages of financial transactions that occurred in the 2019 fiscal year.

Ransomware attacks are down?

Despite Torrance’s fate, a recent report by malware lab Emsisoft showed that there was a significant drop in the number of successful ransomware attacks on the U.S. public sector for Q1 2020, partially due to more employees being forced to work remotely.

Emsisoft threat analyst Brett Callow told Cointelegraph:

“...it’s very obvious to ransomware attackers that they’ve got a potentially valuable target when they hit a corporate endpoint. It may however be less obvious when they hit a personal device that an employee is using while working remotely, and which is only connected to corporate resources on an intermittent basis. “

The Emsisoft report, however, also mentioned that ransomware attacks can be seasonal. The recent overall drop should not be a sign of complacency. An FBI report stated that victims paid roughly $144 million in BTC to ransomware hackers between October 2013 and November 2019. As many attacks go unreported, this is likely an underestimate.

Ransomware Attacks Are Way Down in the Midst of COVID-19   April 21, 2020
Crypto in the crosshairs: US regulators eye the cryptocurrency sector   Oct. 24, 2021
The IRS offers a $625,000 bounty to anyone who can break Monero and Lightning   Sept. 11, 2020
California University Pays Million-Dollar Crypto Ransom   June 30, 2020
Celebrities May Have Their Dirty Secrets Exposed if Crypto Ransom Is Unpaid   June 24, 2020