A new online post by the DoppelPaymer gang further suggests that a cyberattack experienced by Torrance, California in late February-early March was a case of ransomware — one that appears to have affected personal data, despite the Los Angeles-area city’s claims otherwise.

Brett Callow, threat analyst at Emsisoft, shared several examples of sensitive data published on DoppelPaymer’s doxxing site, where the threat actors post documents stolen from victims as part of an extortion scheme. Examples included a probation violation form from the Torrance City Attorney’s Office; a declaration in support of access to juvenile records filed with the Superior Court of California, County of Los Angeles; and a budget import audit listing.

BleepingComputer has reported that the attackers demanded a 100 ransom — which falls a bit short of $700,000 — after decrypting key files and exfiltrating breached data under the threat of publishing it.

In a March 1 press release set up on a temporary website, Torrance acknowledged the attack in generic terms, referring to an incident as a “digital compromise interrupting email accounts and server function,” resulting in the disruption of some city business services. Ransomware was not specifically cited as the cause.

In that statement, the city asserted that “Public personal data has not been impacted.” But if DoppelPaymer’s new post is, indeed, authentic, then this statement is wrong.

“I don’t know why governments make these hasty claims,” Callow told SC Media. “

A more accurate statement would be, ‘We’ve been hit by a ransomware group which is known to steal data, but cannot yet say whether our data was stolen. We’ll only know that when either a) the criminals publish it or b) we complete our forensic investigation in a month’s time. Meantime, people should be on the lookout for spams, scams and fraudulent activity on their accounts.’”

However, Michael Smith, public information officer with Torrance, told SC Media that “Our initial press release still stands [on] its merits,” also noting that “there’s no update at this point.”

Smith said all systems were restored to normal functionality prior to the March COVID-19 lockdowns experienced by California and most other U.S. states. In that sense, the city was fortunate to have bounced back before encountering a major crisis that could very well have slowed down its recovery.

SC Media asked cyber companies what might happen if an attack similar to the one experienced by Torrance were to take place under current COVID-19 conditions.

“In the case of an attack like this, they have to: one, see where it is spread, and two, see where it came from. They have to work backwards from the breach down to the actual systems that are infected,” said Brook Chelmo. software and security product marketing strategist at SonicWall. “

This will limit city service and possibly make it difficult for employees to work from home.”

In this hypothetical scenario, “the city may be focusing on keeping VPN connectivity and the network stable for their work-from-home users,” continued Chelmo. Noting that in real life many IT admins “are complaining that procrastination sites and other streaming services are impacting their ability to keep the network functional,” Chelmo further observed that “trying to keep the network functional while remediating this issue [would] be a difficult task. “

The post Online leak: no personal data was affected by cyberattack appeared first on Aryason.

The post Alibaba will invest $28 billion to stay current and improve the cloud infrastructure appeared first on Aryason.

The good news for DevOps teams, is that even in companies where other employees have to report to an office, they are more likely to work remotely or with offshore development teams in other parts of the world. In addition, most IT management tools are accessible via a web-based interface, especially those for the public cloud.

The DevOps engineers of companies have a shared opinion on the impact of social remoteness and remote working.

IT professionals know they can rely on IT automation tools that require little coordination and manual intervention to operate critical systems. Yet many agile and DevOps practices have been developed around daily or weekly team meetings in front of whiteboards and informal conversations between employees in the same office.

The post Coronavirus: DevOps engineers at work from home appeared first on Aryason.