A California city whose police department recently revealed it had been victimized by cyber-criminals has now acknowledged it suffered an earlier cyber-attack in 2018.
Azusa's 63-officer police department was targeted by the DoppelPaymer ransomware gang late last winter. The attack was kept secret while officials worked with the FBI, Los Angeles County Sheriff’s Department, and ransomware consultants to try to retrieve hundreds of highly sensitive files encrypted in the incident.
In April, a stash of the department's documents was leaked online after the city elected not to pay the ransom demanded by the gang. Among the information leaked were criminal case files and payroll data containing Social Security numbers, driver’s license numbers, medical information, and financial account information.
The city finally publicly acknowledged the hack on May 27 to coincide with the start of Memorial Day weekend, when America's attention typically flits away from the news cycle and toward outdoor social activities and honoring the fallen.
Azusa PD issued a “notification of data security breach” stating that it had been hit by a “sophisticated ransomware attack” and that “certain Azusa Police information was acquired by the unauthorized individual.”
Now the city has said that it was attacked with ransomware by another unnamed cyber-criminal organization in the fall of 2018. Azusa City Manager Sergio Gonzalez said that the city’s insurers, Chubb, paid $65,000 to regain control of 10 data servers at the police department that were taken over by the hackers for more than a week.
“We were able to unlock one server after the ransom was paid but immediately after found a free key to unlock all other locked servers,” Gonzalez said in an email.
“No information was compromised. Our servers were just locked.”
Gonzalez said that the 2018 attack had not been reported because an investigation had determined that no data had been exposed in the incident.
“We verified with forensic experts that no data was compromised,” wrote Gonzalez. “That’s essentially why we did not and were not required to report it (publicly).”
Whittier Daily News reports that the 2018 attack began when a city employee opened an email and clicked on a malicious link.