A company named CivicSmart from Milwaukee that’s selling
smart parking meters was hit by Sodinokibi ransomware, and the attackers manage
to steal a large amount of data which they then used for further leverage.
These days, it seems that the most affected industries
have something to do with the coronavirus, at least tangentially, when it comes
to cyberattacks. Healthcare organizations are getting it left and right, even
if they are working on a
possible vaccine against the virus.
Unfortunately, bad actors don’t stop, even in these
troubling times, and will use any weakness they find in a system. The
CivicSmart attack was perpetrated with Sodinokibi ransomware and followed the
extraction of 159 gigabytes of data. Usually, this kind of action came from
attackers using Maze, but it looks like it’s now being employed by other groups
as well.
According to Scoop News report,
the attack took place back in March, but the company remained silent and chose
to pay the ransom and retrieve the files. According to initial reports, the
leaked data included employee records, bank statements, credit card numbers of
customers, and even contracts with cities and parking garage vendors.
A smart parking system is a great idea, and it’s used in
many cities from around the world, but like any other service that deals with
credit card payments and other sensitive data, the security must never be in
second place.
The new strategy used by hackers to steal data from the
affected systems seems to be used more widely in the past few months, and its
slowly becoming the new normal in cyberattacks.
The other problem is that the company didn’t say anything
about the attack and data leak, even after it presumably paid the hackers. This
means that people’s financial and personal data was compromised, but they have
no idea about it, leaving them exposed to frauds and other hacks.