PEMBROKE PINES, Fla. – In mid-January, the city of Pembroke Pines was hit by a ransomware attack, a cybercrime where hackers access computer networks and lock up sensitive information until the organization agrees to pay a significant amount of money.
While it’s unclear at this point if any residents’ personal information was stolen, experts say it’s very possible.
“Ransomware has fundamentally changed in the last couple of years,” said Brett Callow, a cybersecurity threat analyst for Emsisoft. “In the past, they simply used to encrypt their victims’ data, lock it up, and demand payment to get a key to unlock it. Now, they still do that but they also steal a copy of the data and they threaten to release that online unless the targeted organization pays their demand.”
According to a statement from Pembroke Pines, the attack on Jan. 13 locked up certain city computer systems. Officials say they immediately began an investigation, notified law enforcement, and are working with specialists to restore their systems.
But at this point, it’s unclear whether the personal information of residents or city employees was stolen. The city says it will notify affected individuals if it has.
“It takes time for organizations to work out whether or not information was stolen,” Callow said. “It’s not a quick or easy process.”
It’s also unknown at this point how the attack happened.
Callow said the most common ways for attackers to get in are malicious email attachments and vulnerable remote access points.
And, if the hackers did steal peoples’ personal info, they could use it as additional leverage for payment
“If the targeted organization doesn’t pay, the data may be sold or it may be posted online where it can be accessed and used by other criminals,” Callow said. “The information is primarily used as additional leverage to extort payment from the organization. The attackers are after a multi-million dollar payout very often and they aren’t really interested in the nickels and dimes they would get from selling social security numbers, for example.”
Callow said these types of attacks are far from rare.
“In the last three years, more than 4,000 organizations had their data stolen and posted online, and those include police departments, a state attorney general and even a company that contracts on the Minuteman nuclear missile program,” he said. “The people who create the ransomware are commonly believed to be in Russia or Eastern Europe. However, they operate on what’s known as ‘ransomware as a server’ basis. They lease their ransomware out in effect and others can use it to carry out their attacks and then they all split the profits.”
Local 10 News contacted several people with the city of Pembroke Pines, none of which agreed to talk on camera about the ransomware attack. All of them said the FBI is investigating and that they were not allowed to say much more than the statement they sent last week.
That city statement read:
“Thank you for reaching out. In response to your email, on January 13, 2022, The City of Pembroke Pines was the victim of a ransomware attack that impacted our ability to access certain City computer systems. We immediately began an investigation and have been actively working with third-party specialists to determine the nature and scope of the incident and to securely restore systems. We have reported this incident to law enforcement. Please note that public safety services including Police and Fire response remain operational. Should our investigation determine that personal information was affected by this incident, we will provide notice to individuals as required.
“Because our investigation is ongoing, we are unable to provide specific details about the incident at this time. However, we can provide operational updates when we are able to do so. The City appreciates the patience and understanding of our residents and employees as we continue to respond to this incident.”