A ransomware gang has published personal and financial data from the Californian City of Torrance online — and threatened to reveal 200GB more unless their demands are met.

Calling themselves DoppelPaymer, the ransomware gang has demanded 100 Bitcoin (BTC) — worth around $700,000 — in exchange for not releasing any more files stolen in the March 1 cyberattack. 

The cyberattack erased the City's local backups and encrypted approximately 150 servers and 500 workstations. The release of the data is embarrassing for City officials who claimed that no private data from its 145,000 residents had been compromised in the attack. 

To prove it had, the group set up a site called “Dopple Leaks” with a sample of the hacked files, including city budget financials, accounting, and other documents belonging to the City Manager of Torrance.

The StateScoop website reports it has examined the files and uncovered individuals’ names, dates of birth, Social Security numbers, and other personal identifying information, as well as 181 pages of financial transactions that occurred in the 2019 fiscal year.

Ransomware attacks are down?

Despite Torrance’s fate, a recent report by malware lab Emsisoft showed that there was a significant drop in the number of successful ransomware attacks on the U.S. public sector for Q1 2020, partially due to more employees being forced to work remotely.

Emsisoft threat analyst Brett Callow told Cointelegraph:

“...it’s very obvious to ransomware attackers that they’ve got a potentially valuable target when they hit a corporate endpoint. It may however be less obvious when they hit a personal device that an employee is using while working remotely, and which is only connected to corporate resources on an intermittent basis. “

The Emsisoft report, however, also mentioned that ransomware attacks can be seasonal. The recent overall drop should not be a sign of complacency. An FBI report stated that victims paid roughly $144 million in BTC to ransomware hackers between October 2013 and November 2019. As many attacks go unreported, this is likely an underestimate.