Pensacola, Florida Hit by Cyber Attack, City Services Impacted
The city of Pensacola is struggling to recover from a cyber attack that hit its computer network over the weekend. Some services are still affected but no critical ones. Few details are available but the attack prompted the city to disconnect much of its network until a solution for the problem was found.
The incident became known around 1:30 a.m. on Saturday and city employees in the IT department have been working to restore the network.
It is unclear what type of cyber incident is causing the issues or how many computers it affected but the online payment systems at Pensacola Energy and for city sanitation are among them.
Due to the nature of the information available on these systems, investigators are now trying to determine if data was exposed.
Computer-based communication, including email, is also down but 911 and other emergency services (police and fire departments) remained unaffected and online permitting is available. Some phones have been impacted; the 311 customer service is able to receive calls but responding to requests may not be immediately possible, reads a statement from the City of Pensacola.
"We severed things immediately as soon as we found out we were having this problem," said Pensacola Mayor Grover Robinson in a press conference today, reports the Pensacola News Journal.
Most of the systems currently offline are so because the IT department took the decision as a preventive measure, said Pensacola spokeswoman Kaycee Lagarde.
Also at Ars Technica.
Related: Ryuk Ransomware Decryptor Is Broken, Could Lead to Data Loss
Related Stories
Submitted via IRC for chromas
Ryuk Ransomware Decryptor Is Broken, Could Lead to Data Loss
Due to recent changes in the Ryuk Ransomware encryption process, a bug in the decryptor could lead to data loss in large files.
Ryuk is a ransomware infection known to target the enterprise or govt agencies by gaining access to their networks and then encrypting as many computers as possible. The attackers then demand large ransoms, sometimes in the millions, in order to receive a decryptor for their files.
According to antivirus and security firm Emsisoft, Ryuk was recently modified so that it does not encrypt the entire file if it is larger than than 57,000,000 bytes or 54.4 megabytes. This is done to prevent the encryption process from taking too long, which could allow victims to more readily detect that the ransomware was running.
Instead the decryptor will partially encrypt the file by encrypting a certain number of 1,000,000 byte blocks of data, up to a hard maximum of 2,000
For a large file, the ransomware will then store the number of blocks that were encrypted next the 'HERMES' file marker in the footer. For example, the encrypted file below had 112 1 million-byte blocks encrypted.
Smaller files that are entirely encrypted, though, will not contain a block count in the footer.
Emsisoft CTO Fabian Wosar told BleepingComputer that a bug in the Ryuk decryptor is causing the size of the footer in large files to not be properly calculated due to the variable nature of the block count.
This causes the decryptor to truncate certain files before the last byte.
(Score: 1, Interesting) by Anonymous Coward on Thursday December 12 2019, @12:45AM (1 child)
https://arstechnica.com/information-technology/2019/12/pensacola-city-government-was-hit-by-maze-ransomware-was-data-stolen/ [arstechnica.com]
(Score: 1, Informative) by Anonymous Coward on Thursday December 12 2019, @02:47AM
Mod redundant, but "...on Windoze".
(Score: 2) by The Mighty Buzzard on Thursday December 12 2019, @03:37AM
And this is why you do not connect anything actually important to the Internet. Yes, it's convenient. Right up until your shit gets hacked. And it will get hacked.
My rights don't end where your fear begins.
(Score: 1, Offtopic) by jmichaelhudsondotnet on Thursday December 12 2019, @02:55PM
Pensacola 1997 - Finally we have internet
Pensacola in the matrix - THE INTERNET IS ATTACKING US RUN!
I strongly suspect a lot of these problems have to do with this problem:
https://archive.is/EoIML [archive.is]
and this one
https://archive.is/5II5U [archive.is]
and this one
https://archive.ph/T95pm [archive.ph]
https://archive.is/Eu1Z4 [archive.is]
mossad trades information, like they traded, according to adelson, Assanges embassy cam footage, so any data or passwords the nsa has might be sold off the back of a truck by israel.
good job, great work US Military! Keep it up! /s
https://archive.is/5LJ82 [archive.is]
https://archive.is/FMvgZ [archive.is]
https://archive.is/ET5w1 [archive.is]