Yesterday, Al.com reported a ransomware attack on Mobile County, Alabama:
The county, in a statement released to the media Wednesday, confirmed it discovered a malware affecting “certain systems.” The infection occurred last week and prompted the county to shut down its system for about three days, according to Mobile County Commissioner Connie Hudson.
[…]
Broussard declined to say which specific systems were affected.
Last week, the county tweeted a warning about an attack.
PLEASE BE ADVISED: Mobile County is experiencing computer network issues and internet service at this time is temporarily unavailable. The IT dept is working with vendors to restore service as soon as possible. Thank you for your patience and we apologize for any inconvenience.
— Mobile County, Alabama (@mobilecountyal) May 25, 2021
Mobile County IT department has been in the process of restoring online services. Internet connectivity has been restored.
— Mobile County, Alabama (@mobilecountyal) May 26, 2021
The attack was first reported by SuspectFile on May 31 after it appeared on the dark web leak site of threat actors calling themselves Pay or Grief (or Grief — this site STILL hasn’t gotten an answer from them as to their name). But on the leak site, they wrote:
“The network of Mobile County, Alabama was screwed and now we have about 95 GB data from file servers, including internal company documents, personal and HR data. According to our rules we are publishing this data step by step in case if this company will keep silence.”
Unlike threat actors that may negotiate for weeks before adding a victim to their leak site to increase pressure on them, these threat actors added the county on May 27, and then dumped more data on June 3.
As proof, they offered one screencap and two small folders of files that appear to be routine county business.
Editing and additional material by Dissent