Azusa police suffered a ransomware attack in 2018. The city kept it secret
The recent ransomware attack that spilled thousands of sensitive Azusa Police Department files online was not the first time hackers demanding money had infiltrated the agency’s computer systems.
In response to queries from The Times, city officials acknowledged this week that foreign hackers seized control of the police dispatch system and other data for more than a week in 2018.
For the record:
2:46 p.m. June 13, 2021: An earlier version of this story incorrectly identified Chubb instead of Brit Insurance as Azusa’s cybersecurity insurance carrier during a 2018 hack.
The attack forced Azusa to rely on other departments for help with 911 operations and cost the city more than $50,000, but officials never informed citizens it occurred.
“We did not make a public statement and did not have to file anything legally because we could confirm that no data was migrated out” of the police servers, said city manager Sergio Gonzalez.
About a week into the 2018 hack, the city’s cybersecurity insurance carrier paid $65,000 to the attackers to regain access to a server containing the dispatch system and arrest data, the most critical of about a dozen servers affected, Gonzalez said.
Subsequently, a “breach coach” was able to locate digital keys online that allowed the city back into its other servers without paying additional ransom. Gonzalez said the process took “a few weeks.” Because of its insurance deductible, Azusa had to cover $50,000 for costs including computer forensic work.
The hack was ultimately traced to an email attachment opened by a police employee. Though the sender appeared to be an official at a state agency, the email originated with the hackers, and the attachment unleashed a virus that allowed the hack.
Employees were counseled extensively to be on guard for suspicious emails, but this spring, a different hacking group pierced the system again.
“We looked at our software system, antiviral system [and got it] to what we thought was a better position,” Gonzalez said, “but these attacks have become a lot more sophisticated.”
The entry point appears to have been a link in an email that seemed innocuous, he said.
In the most recent hack, the police were not locked out of their computers. Instead, the suspected assailants, a group known as DoppelPaymer, announced in early March that they had copied huge amounts of data and would release it on the so-called dark web if a ransom wasn’t paid.
DoppelPaymer demanded 15.5 bitcoin, which was worth about $800,000 at the time, Gonzalez said.
The city’s current insurer, Chubb, balked, citing recent warnings from the U.S. Department of Treasury about possible sanctions for ransomware payments to groups designated as “malicious cyber actors.” One group placed on the Treasury sanctions list in 2015, Russian-based Evil Corp., is believed to be connected to DoppelPaymer.
When the ransom deadline passed, the hackers placed 7 gigabytes of Azusa data online. The materials included investigative files, including recordings of witness interviews, a gang database and arrest reports, as well as officer payroll data. As of Monday, the index page for the data had received more than 11,000 views.
Azusa has urged anyone who has provided personal information to the Police Department to contact a special helpline — (855) 535-1860, 6 a.m. to 6 p.m. Monday through Friday — and to check with credit agencies to ensure they haven’t been targeted for identity theft.