A company named CivicSmart from Milwaukee that’s selling smart parking meters was hit by Sodinokibi ransomware, and the attackers manage to steal a large amount of data which they then used for further leverage.
These days, it seems that the most affected industries have something to do with the coronavirus, at least tangentially, when it comes to cyberattacks. Healthcare organizations are getting it left and right, even if they are working on a possible vaccine against the virus.
Unfortunately, bad actors don’t stop, even in these troubling times, and will use any weakness they find in a system. The CivicSmart attack was perpetrated with Sodinokibi ransomware and followed the extraction of 159 gigabytes of data. Usually, this kind of action came from attackers using Maze, but it looks like it’s now being employed by other groups as well.
According to Scoop News report, the attack took place back in March, but the company remained silent and chose to pay the ransom and retrieve the files. According to initial reports, the leaked data included employee records, bank statements, credit card numbers of customers, and even contracts with cities and parking garage vendors.
A smart parking system is a great idea, and it’s used in many cities from around the world, but like any other service that deals with credit card payments and other sensitive data, the security must never be in second place.
The new strategy used by hackers to steal data from the affected systems seems to be used more widely in the past few months, and its slowly becoming the new normal in cyberattacks.
The other problem is that the company didn’t say anything about the attack and data leak, even after it presumably paid the hackers. This means that people’s financial and personal data was compromised, but they have no idea about it, leaving them exposed to frauds and other hacks.