Scott Schwebke reports:
In the aftermath of a disclosure that sensitive Azusa Police Department records had been hacked by criminals, city officials now acknowledge they experienced another costly ransomware attack that they hid from the public for nearly two years.
In the fall of 2018, the city, through its cybersecurity insurance carrier, paid $65,000 ransom to an unknown hacker organization to regain control of 10 data servers at the Police Department, Azusa City Manager Sergio Gonzalez said Thursday.
Read more on San Gabriel Valley Tribune.
So having paid ransom in 2018, they showed criminals that they might be good targets to attack again to get more payments. This is exactly why experts try to discourage victims from paying ransom — it encourages them to attack other victims, and it encourages re-attacks of the original victim.
This is also why some people advocate mandating disclosures when victims pay ransom, but of course, see above as to why that’s somewhat risky to do.
The recent Azusa attack was previously covered on this site by Chum1ng0. More than two months after the threat actors had added the department to their list of victims, the department first issued a press release. The notice stated, in part, “Although the Police Department has no evidence of actual or attempted misuse of information, it is providing notice to the public in an abundance of caution.’
So is the news release the sum total of their notice to the public? Or are they sending individual notices, too? CCPA does not apply to government agencies.