27. November 2020

Hackers break into RS city system and demand ransom in Bitcoin

The city of Candiota, a municipality in Rio Grande do Sul with only 10,000 inhabitants, had the system used by the City Hall compromised in a hacker attack that disrupted important services. The hackers demanded a ransom in Bitcoin to restore the City Hall's access to its servers.

As reported by G1, the City Hall had four of its systems compromised by a ransomware attack. This type of attack "hijacks" systems by encrypting their files so that the owner can no longer open them. To regain access, the victim is told to pay a ransom for the decryption program; this ransom is almost always requested in cryptocurrencies.

The employees discovered the attack when they tried to use the system to record the month's revenue. The computers connected to the system displayed a message demanding payment of a ransom in digital currency to get the system back up and running.

"We received a message on Tuesday [13] saying that we had a deadline of 24 hours to pay, in Bitcoins, they call it, right? That is the digital wallet, to have the system put back on the air again," Candiota's Administration and Finance Secretary Alexandre Vedooto explained to G1.

According to the municipality’s administration, the IT department started working on backing up the system as soon as the attack was identified. The municipality’s professionals were able to recover parts of the system, using the backup from before October 1.

"We only have a partially functioning system, which is the one for issuing electronic invoices. That is the first one we have put back into operation, so that those who need to take out an electronic bill are not harmed," Vedooto said.

However, other systems are still down, such as those for paying suppliers and scheduling consultations and surgeries. The city believes it will be able to bring the whole system back by next Monday, the 19th, using the available backups.

Ransomware is a major cyber risk; ransom in Bitcoin is common

Ransomware attacks are endemic in the cyber environment, happening with great frequency. One of the main characteristics of these attacks is the ransom demand in Bitcoin.

The currency is one of hackers' favorites because of its value and the ease of transacting with it. However, Monero is slowly becoming commonplace because it offers true anonymity. Most of the time, hackers use mixer services to hide the Bitcoins they collect.

The fact that the attack was reversed through a backup recovery indicates that the team behind the hack was not experienced or did not use a very sophisticated variant of the ransomware.

In more advanced attacks, the malware is able to prevent backup recovery and even destroy files when someone tries to recover them without paying the ransom.