Dive Brief:
- Automatic Funds Transfer Service (AFTS), a Seattle-based payments processing company, was the victim of a ransomware attack in early February, carried out by a criminal group called Cuba Ransomware, the Seattle Times reported.
- AFTS provides "payment processing, billing, mailing and other services for municipal utilities and other customers" in various locales in Washington and California.
- Many of AFTS' impacted clients were state and local government agencies, highlighting how vulnerable many of these smaller locales are to cyberattacks.
Dive Insight:
Ransomware attacks usually involve intruders breaking into victims' databases to steal data or, more commonly, threatening to sell or lock the data unless the victims pay a ransom fee.
The ransomware group purports to have stolen "financial documents, bank employee correspondence, account movements, balance sheets and tax documents," TechCrunch reported. Cuba Ransomware's website on the dark web claims to have "information about companies that did not want to cooperate ... Part of the information is for sale, part is freely available."
The attack disrupted AFTS' business operations, slowing its payments management processing. It also caused AFTS' website to go down.
Clients including the California Department of Motor Vehicles and the cities of Seattle and Kirkland say individual information such as banking information and vehicle registration may have been compromised, but personal data such as Social Security numbers and credit card numbers was not.
The ransomware attack was similar to other attacks of this nature, Information Security Newspaper reported. "Cuba's operators stole sensitive information before encrypting affected systems, probably with the intention of selling it in illegal forums. After an initial infection, Cuba begins to spread over the compromised network, stealing login credentials and triggering encryption of attacked systems."
BleepingComputer was the first organization to report a connection between a recent AFTS breach and the Cuba Ransomware attack.
Meanwhile, impacted agencies are finding new ways to function. According to the Seattle Times, the city of Redmond, which was among those impacted by the attack, has warned utility customers to be prepared for "this month's invoice to look slightly different, as it will be manually printed and distributed by City staff."
The Suburban Times reported AFTS has hired a forensic company to address the ransomware attack. The company is also trying to retrieve its information and undo some of the damage.