BitPaymer ransomware, a component of Crypto Locker ransomware, infected the Borough of Matanuska-Susitna (Mat-Su) and City of Valdez in Alaska, shutting down operations, according to the Anchorage Daily News.
A detailed report on the virus situation says that the networks were affected by a zero-day attack and an advanced persistent threat, meaning a mix of malicious software, including Trojan Horse, Worm, Crypto Locker and Dead Man’s Switch.
Most likely, an employee received an email with an infected link which once clicked on led the user to an infected webpage, exposing local admin permissions. Hackers used the Trojan component to remotely access the network and infect it with other malware that spread to other workstations, corrupting the entire system. Only Windows machines were affected.
Even though a security solution was deployed, “anti-virus the software does not yet have the virus definitions in their software to catch and remove this threat,” writes Eric Wyatt, IT Director of Matanuska-Susitna Borough, part of the Anchorage Metropolitan Statistical Area.
According to the FBI, the malware may have been in the system since as early as May 3, which means data may have been leaked from the system during this timeframe. The Trojan component was detected on July 17, following an update of the security software deployed to protect the network.
Once the anti-virus and the team started removing the detected components, the Crypto Locker component was provoked infecting almost 500 workstations and 120 servers.
Wyatt believes “the attack’s purpose is not based primarily on money from a particular victim, but to disrupt operations and potentially steal information that may lead to greater financial reward and more disruption from downstream victims.”