Geneva, Ohio discloses ransomware attack
Warren Dillaway reports that the city is investigating a breach. In a statement the city issued, they wrote:
“Early Friday morning, July 16, 2021, the City of Geneva discovered an online breach into the city’s website and online data systems. The City of Geneva’s executive management and information technology department immediately began accessing the city departments that could have exposure,” Varckette stated.
Emergency operations reportedly remain up and running and there has been no disruption in emergency services to the city.
Read more on The Star Beacon.
Data Already on The Dark Web?
On July 18, threat actors calling themselves AVOSLocker listed Geneva on their dedicated leak site with a message:
Sun, 18 Jul 2021 00:00:00 GMT
The city of Geneva, in Ohio, was recently locked by one of our partners.
We are waiting for them to contact us. In the mean time, we are releasing a small sample of files that were exfiltrated from their network. Sensitive citizen information such as social security numbers & credit cards were redacted.
As proof of claims, they uploaded a few screencaps of files that involved criminal charges against one person, a directory of files from a drive, and some tax-related files which, unfortunately, were not fully redacted.
AVOS does not say who their “partner” in this attack is, but it appears that the ransom note was left on the city’s server with the filename “GET_YOUR_FILES_BACK”.