A ransomware gang launched an attack on the information technology systems of Florence, Alabama, in May. This attack came despite warnings by cybersecurity firms about possible hacker infiltration into the city’s infrastructure.

According to a KrebsOnSecurity report from Monday, city officials intend to pay a ransom of nearly $300,000, citing concerns that failing to do so may result in private citizens having their personal data leaked. If paid, the ransom will be covered in Bitcoin (BTC).

DoppelPaymer group behind the ransomware attack

Wisconsin-based security firm Hold Security first alerted the city to the threat DoppelPaymer represented to its IT infrastructure, as well as its 40,000 residents.

Last Friday, Florence Mayor Steve Holt officially confirmed that the city’s email system was hacked. Although he did not initially acknowledge that it was a ransomware attack, he confirmed via the KrebsOnSecurity report that DoppelPaymer was behind the attack on Tuesday.

The Mayor confirmed that hackers initially demanded 39 BTC ($378,000). With the help of an external security firm, the city managed to reduce the price to 30 BTC ($291,000), with the caveat being that if it does not pay this amount in full, the hackers will leak the data.

Speaking with Cointelegraph, Brett Callow, a threat analyst at malware lab Emsisoft, commented:

“Despite being warned that its network had been compromised, Florence was nonetheless hit by ransomware due to the inadequacy of its response to the initial incident. Organizations cannot afford to be sloppy when it comes to remediating incidents. Completely rebuilding the networking is the only sure-fire way to ensure that an incident such as this does not become a ransomware event in which data is encrypted and possibly exfiltrated.”

The hackers often target cities’ IT infrastructures

Callow says that the ransomware group has claimed multiple other victims, including the city of Torrance, Visser Precision and Kimchuk.

DoppelPaymer is known for being one of the ransomware that asks for the most money in its attacks, mainly targeting companies and government offices.

Alex Holden, the chief information security officer of Hold Security, told Cointelegraph:

“As we monitor many notorious cyber gangs, ransomware is the most preferred vector of attack because of ease of cashing out - paid by the victims themselves. Also, historically, a significant number of victims do not take alerting seriously and often do not follow the best practices ending up victimized regardless of advanced notice. Plus, the victims are not shy about paying ransom, as it became a “norm” in our society today.”

Recently, the DoppelPaymer gang managed to breach Maryland-based Digital Management Inc.’s network. This company provides IT and cybersecurity services to several Fortune 100 companies and government agencies, such as NASA.