CA: Azusa Police reveal ransomware attack in March

On March 17, the DoppelPaymer threat actors added Azusa Police Department in California to the leak site where they list ransomware victims who have refused to pay their ransom demands.

On April 22, the threat actors increased the pressure on the department — or attempted to — by dumping some files as proof that they had accessed the system and exfiltrated data. The files included police records concerning investigations and police business such as patrol officers’ reports. There was also some financial and payroll-related information. The folder names have been redacted by in the image below:

Redacted Image:

The threat actors do not indicate how much more data they may have acquired.

On May 28, the police department issued a news release and notification about the incident. According to their news release, on March 9, they discovered that certain aspects of its computer systems were inaccessible. They report:

Upon discovery, Azusa Police immediately contacted its law enforcement partners and began working with third-party specialists to determine the source of the incident and extent of systems affected. As a result of the Department’s quick response, all 911, emergency systems, and public safety services remained fully operational.

On April 27, 2021, they determined that the threat actors had acquired some files and began to investigate to confirm what was accessed and exfiltrated.

On May 20, 2021, the investigation determined the information may have included the following: Social Security numbers; driver’s license numbers; California identification card numbers; passport numbers; military identification numbers; financial account information; medical information; health insurance information; and/or information or data collected through the use or operation of an automated license plate recognition system.

You can read their full news release on their web site. They have also established a dedicated assistance line to address any questions individuals may have and to provide credit monitoring services to potentially impacted individuals. The assistance line can be reached at 855-535-1860, Monday through Friday, 6 a.m. to 6 p.m. Pacific Time.

Editing by Dissent

About the author: chum1ng0

Comments are closed.