The Cuba ransomware gang launched attacks in February on a payment processor widely used by many state and municipal organizations throughout the United States to handle utility bills and driver’s license data, prompting data breach notifications from various cities and agencies in California and Washington.
The gang stole unencrypted files from Seattle-based Automatic Funds Transfer Services (AFTS) and installed the ransomware, disrupting the company’s business operations and bringing down its website, according to initial reports.
The California Department of Motor Vehicles (DMV), which uses AFTS to verify vehicle registration addresses, notified state residents Wednesday about the ransomware attack. The DMV said its own systems had not been compromised. The agency’s statement stressed that AFTS does not have access to DMV customers’ Social Security numbers, birthdates, voter registration, immigration status or driver’s license data.
The DMV did acknowledge that the ransomware attack may have compromised information supplied to AFTS by the DMV, which includes the last 20 months of California vehicle registration records containing names, addresses, license plate numbers and vehicle identification numbers.
Once notified of the potential breach, the DMV immediately stopped all data transfers to AFTS and notified law enforcement, including the FBI.
The city of Seattle also issued a statement confirming the attack and stating that there is no evidence that any city IT infrastructure or systems were affected or are at heightened risk. City officials said a “small” number of city departments use AFTS for commercial billing, printing and mailing services.
Many other cities and municipalities throughout Washington issued similar statements acknowledging the attack and explaining ransomware basics to citizens, including Alderwood, Everett, Kirkland, Lakewood, Monroe, Redmond and Silver Lake.
“It’s intriguing that only the California DMV’s advisory linked to AFTS contains a reference to the ‘last 20 months of California vehicle registration records,’” said Oliver Tavakoli, CTO at Vectra. “As it’s not likely that an attack of this sort has been dormant for 20 months, this would appear to show that AFTS retains transaction information for at least 18 months and the earliest indication of the attack could be two months old.”
Tavakoli said this incident should remind security professionals of a best practice for reducing the size of data leaks: carefully scrutinize how long the organization should retain data, and aggressively delete the data once it has reached that age.