The ransomware group that claims to have stolen data from the Modesto Police Department’s IT network has started making the information available on its website.
A threat analyst with the cybersecurity firm Emsisoft reported the development last week on Twitter.
“Generally speaking, (cybercriminals) only release the data if they are not paid,” said Brett Callow, the analyst. “And I would say if the city hasn’t paid them, it is absolutely the right decision.”
Callow said organizations cannot count on cybercriminals to destroy the data after they have been paid. He said they may try to extort another payment or sell the data to other criminals.
“There is very little Modesto can do now but minimize the damage,” he said about the ransomware group making the data available on its website.
The city has said personal information may have been accessed in the cyber attack, including names, addresses, Social Security and driver’s license numbers. The city sent letters to people whose personal information may have been accessed and offered them one year of free credit monitoring.
City Manager Joe Lopez has said the personal information that may have been accessed was limited mainly to city employees and almost entirely to Police Department employees. He said a small number of people who don’t work for the city may have been affected.
Modesto has not said how many people were sent letters and whether other data was accessed and has released little information about the cyber attack, saying it needs to safeguard its investigation.
The ransomware group Snatch has claimed responsibility for the cyber attack. It posted 15 files on its website that it claims include Modesto data.
Modesto has said the Police Department’s IT network was compromised by a ransomware attack Feb. 3. But based on a letter the city manager sent to people whose personal information may have been accessed, the data breach may have started Jan. 31 and was detected by the city three days later.
The cyber attack hobbled the Police Department’s IT network. For instance, the laptops in patrol vehicles — called mobile data computers — did not work. That meant officers could not use them to check whether someone had a criminal history or any warrants. Officers also had to write reports and traffic tickets by hand.
Department spokeswoman Sharon Bear said Thursday that nearly all of the network has been restored, including the laptops in patrol vehicles and the department’s desktop computers, and work continues to restore the rest of the network.
City officials have said the cyber attack never put the public at risk or disrupted the city’s ability to provide services, including responding to 911 calls.
(c)2023 The Modesto Bee. Distributed by Tribune Content Agency, LLC.
