Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend.
On Monday, Delaware County disclosed that they had taken portions of their computer network offline after discovering that their network was compromised.
"The County of Delaware recently discovered a disruption to portions of its computer network. We commenced an immediate investigation that included taking certain systems offline and working with computer forensic specialists to determine the nature and scope of the event. We are working diligently to restore the functionality of our systems," the Delaware County alert stated.
The County stated that the Bureau of Elections and the County's Emergency Services Department were not affected and are on a different network than the hacked systems.
Local media has stated that the ransomware operators had access to networks containing police reports, payroll, purchasing, and other databases. As part of the attack, the threat actors demanded a $500,000 ransom to receive a decryptor.
"Sources said the county is in the process of paying the $500,000 ransom as it's insured for such attacks," Philadelphia's 6abc's Action News reported.
DoppelPaymer gang behind attack
Since then, sources have told BleepingComputer that the DoppelPaymer ransomware gang was behind the attack and that Delaware County had paid the ransom.
DoppelPaymer dervices its name from BitPaymer, which shares a large portion of code, but has been improved over time with a threaded encryption process for faster operation.
DoppelPaymer is known to steal unencrypted files when performing their attacks. It is not known if this was done in the attack against Delaware County.
BleepingComputer was also told that the ransomware gang advised Delaware County to change all of their passwords and modify their Windows domain configuration to include safeguards from the Mimikatz program.
Mimikatz is an open-source application commonly used by ransomware gangs to harvest Windows domain credentials on a compromised network.
Source: Mimikatz Github page
Once the threat actors gain access to a Windows domain administrator password, they deploy their ransomware on the network to encrypt devices.
SANS ISC has a good article on securing a Windows network against Mimikatz attacks that all Windows network admins should become familiar with.
Other victims attacked by DoppelPaymer in the past include Compal, PEMEX (Petróleos Mexicanos), the City of Torrance in California, Newcastle University, Hall County in Georgia, Banijay Group SAS, and Bretagne Télécom.
Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Comments
Dave1949 - 5 years ago
As this is Pennsylvania, what's the betting that Trump (if and when he finds out) will try and seize on this and attempt to make something of it? Mind you, I don't suppose he even knows what ransomware actually is!
buddy215 - 5 years ago
President-elect Joe Biden has 63% of the votes (205,332) in Delaware County, President Donald Trump has 36% (118,358).
Trump's incompetent gang did challenge some 1700 provisional ballots in that county. But like everywhere else...it was a total waste of time for all concerned. QUOTE ONE JUDGE in one suit...."Voters choose presidents...Not lawyers".
xorg7 - 5 years ago
A clear example of the cost of doing business with Microsoft.
EmanuelJacobsson - 5 years ago
Microsoft is never to blame in cyber attacks on businesses, its always the negligence in businesses thats the result, be it not locking down their RDP's, not updating their VPN's, using windows 7/XP, or not teaching their employees not to click random email attachments and links.
Its the same for everyone, including home users, aslong as you know what to look out and practice cybersecurity then WIndows is as secure as any other OS, like Mac or Linux.
JayBreezy - 5 years ago
If someone got burglarized when they didn't lock the door would you blame the lock maker?
woody188 - 5 years ago
Why would you commenters even bring politics into this article?
Voting systems are rarely networked. Didn't you see those lines of cars hand delivering the vote tallies to the central tabulators?
It is usually possible to manipulate a central tabulator if you have physical access, but it's darn near impossible to do so remotely. They'll still have the paper ballots and the data drives from the touch screen devices as a check on the central tabulator totals.
buddy215 - 5 years ago
Woody....I agree with what you posted. The point is Trump doesn't rely on facts....he makes stuff up like "massive fraud...massive dumps". Don't ever think for a second he and his gang wouldn't twist this ransom payment into something it isn't.