One Attack, Two Disclosures! The Story of Azusa Ransomware Attack

After disclosing a recent ransomware attack, the Azusa Police Department acknowledged that it had suffered yet another attack, which it hid for two years.

Ransomware Attack on Azusa Police

Unreported cyberattacks usually return with greater risks. Most organizations avoid reporting cyberattacks, citing various reasons, but eventually encounter severe backlash when the incidents go undisclosed. Recently, the Azusa Police Department revealed that it suffered a sophisticated ransomware attack that compromised some of its sensitive records. In an official release, the department stated that certain aspects of its computer systems were inaccessible after the hacker intrusion. The authorities immediately reported the issue to law enforcement and engaged third-party specialists to determine the source of the incident and the extent of the systems affected.

The compromised information included social security numbers, driver’s license numbers, California identification card numbers, passport numbers, military identification numbers, financial account information, medical information, health insurance information, and/or information or data collected through the use or operation of an automated license plate recognition system.

While cybercriminals behind the security incident are unknown, the department clarified that there is no evidence of any misuse of the information. “Azusa Police continues to review its network security policies and take additional steps to further enhance its security, as it takes the privacy and security of all information very seriously. The Department also established a dedicated assistance line to address questions individuals may have and to provide credit monitoring services to potentially impacted individuals,” the Azusa Police said.

While the Azusa Police Department claimed that it is not going to pay any ransom to the cybercriminals, officials have now disclosed another ransomware attack that they hid for two years. According to a report, the department, through its cybersecurity insurer, paid a $65,000 ransom to an unknown threat actor group to regain access to ten of its data servers in 2018.

The breach apparently occurred through ransomware, which was downloaded and distributed to systems after an employee opened or downloaded a malicious attachment or URL in a phishing email. The authorities cleaned and restored the servers after they were encrypted but didn’t reveal the incident to the outside world.

“We were able to unlock one server after the ransom was paid but immediately after found a free key to unlock all other locked servers. No information was compromised. Our servers were just locked. We verified with forensic experts that no data was compromised. That’s essentially why we did not and were not required to report it (publicly).

These types of attacks are becoming more and more common and, to a certain extent, much more sophisticated. We are again working to ensure we have the best cyber defense. We have also brought in additional resources by contracting with cybersecurity experts to rebuild our entire system from top to bottom, including upgraded servers, software, and anti-virus programs and a more robust backup system,” said Azusa City Manager, Sergio Gonzalez.

Although the reason why the Azusa Police Department did not report the ransomware attack is unknown, it may receive severe backlash from the cybersecurity community for doing so.