The last week of July was proceeding peacefully for the staff of Valdez City when a cyberthreat suddenly rose to threaten the entire network. Elke Doom, the City Manager, realized that the ransomware strain might be similar to the one used in the attack at Mat-Su Borough—a city a mere 250 miles from the City of Valdez—which had occurred only a few weeks earlier.
As a result, the management immediately contacted the staff of Mat-Su Borough for help with the ransomware removal and restoration processes. Doom realized that the ransomware struck during update activities, when the anti-virus tool was in use.
However, the FBI’s investigation found no correlation between the two attacks. Scott Sandback, from the FBI’s Anchorage Division, explained that despite the short distance between the cities and the closeness in timing of the attacks, there was no concrete evidence that could mark both sets of ransomware as the same strain. This conclusion was also attributed to dissimilarities in the attack vectors in these incidents.
While Mat-Su Borough dealt with CryptoLocker Ransomware, the City of Valdez battled Hermes Ransomware. However, there was one interesting common element in both incidents: phishing campaigns and malicious Excel and Word documents were used against each city.
In the aftermath, the City of Valdez was helped by the local police and its cybersecurity insurance partner. Additionally, the City approached a third-party cybersecurity firm for a solution. Subsequently, the firm contacted the cybercriminals via the dark web, where the perpetrators asked what type of business it was.
After ascertaining that they had caught a small fish, the attackers settled for a low ransom amount for ransomware removal. This amount is reported to be four bitcoins, or $26,000. After much deliberation, the city agreed to pay the money.