now browsing by tag


#hacking | NTSA arrests reveal reluctance to upgrade number plates system

Source: National Cyber Security – Produced By Gregory Evans

The government has, since 2015, been planning to produce new-generation number plates that would be impossible to copy.

The proposed plates would have anti-counterfeit features that include holograms, watermarks, and laser markers which, if implemented, would provide the necessary checks against double registration of cars.

When they were arrested in Ngara, Nairobi, Michael Onyango Oduor, 54, and Sylvester Onyango, 30, were found actively trying to hack the NTSA website and the Transport Information Management System (TIMS). The third suspect, 33-year-old Antony Rugut Korir, was picked at NTSA offices where he works at the call centre.

He is suspected to have been assisting the hackers to access the NTSA network.

After the arrest, detectives recovered Sh1.18 million in 100 US dollar bills, three motor vehicles and a fibre laser cutting machine  used to cut number plates.

A compressor machine that was being used for painting number plates, one number plate, five desktop computers, laptops, logbooks, modems, hard drives and flash drives were also recovered.

But even as the NTSA grapples with the fake number plates’ menace, the correctional services department under the same Interior ministry is on the spot for failure to initiate production of the new-generation number plates.

 The government has, for the past five years, been seeking to replace the current plate production system, whose loopholes crooks have exploited to steal cars or dump cars meant for export in the country.

 The current system produces 1,000 pairs of licence plates per day, as opposed to a new generation system that could  make 6,000.

In 2015, the state department for correctional services advertised for the supply of raw materials for number plate blanks and hot stamping foils.

However, the tender was challenged in court and the matter was finally settled in 2017.

The Attorney General advised that the tender be awarded to the initial winners as per the High Court ruling.

President Uhuru Kenyatta visited Kamiti Prison in February 2017 and was shown machines for the new generation number plates.

In March 2019, the parliamentary committee on security also made a similar visit, but not much has been heard from the government since then.

Despite the noble plans, the  old number plates continued to be issued. The reason given is that the laser marking machine is yet to be delivered.

Sources indicate the machine was ordered in 2018 but the firm that won the tender, Tropical Technology Limited, is yet to deliver.

 According to sources in the prisons department, the company declined to deliver the machine despite having imported it after the prisons department declined to issue  a local purchase order.

“Production and roll-out of new-generation number plates was rescheduled to commence on July 1, 2018, but could not be executed until the process of procuring the laser marking machine – which is for validating  licence plates – had been concluded. “In July 2019, the department of correctional services declined to accept a consignment of number plate blanks from Tropical Technology in fulfillment of their order, even though it had accepted the previous two consignments from the company,” said a source.

Last year, the government sent a delegation to Germany with the aim of buying a new machine but, according to sources, they were advised that the machine they were looking for produces 30 million plates a year and would require several countries to come together.

NTSA was hived off the Kenya Revenue Authority in 2012. According to sources, the move  delinked the entire vehicle  importation, declaration, inspection and registration process with disastrous consequences to the security of the country.

“Now importers and motor vehicle dealers do not fear or bother about KRA in their schemes to import and declare motor vehicles as transit goods meant for South Sudan, Rwanda or Congo.

“Once they get to Busia or Malaba border, the cars are hidden, the paperwork is perfected, transit bonds cancelled and customs entry into Kenya is retired and archived.

“The crooks create a fictitious entry in the system and take them to NTSA.

“The fellows in ICT at NTSA deploy a malware or manipulate the registration system to allow the insertion of special characters such as dots, commas and apostrophes during the input of the chassis number.

“The TIMS can’t detect that the chassis number is for a motor vehicle that was meant for transit to a second country,” said the source.

The most lucrative cars are those with high-engine capacity such as Range Rover, Toyota Prado, Audi, BMW, Porche and Jaguar.

They are illegally diverted to the local market and registered without paying tax.

Insiders said separating the vehicle importation process from registration was a big mistake.

NTSA should have been left to manage the licensing, registration and transfer of vehicles from one owner to another.

“The delay in implementing the new number plate registration process is deliberate. KRA is forced to release cars from Mombasa port before they have number plates, which gives crooks at the NTSA leeway to tamper with the declaration and registration process,” said another source.

Efforts to get a comment from NTSA Director-General George Njao were fruitless as our calls and text messages went unanswered.

Last week, the National Police Service disclosed that it was trying to impound  about 450 vehicles registered illegally to evade paying tax.

Unscrupulous businessmen colluded with rogue employees to infiltrate the NTSA website and fraudulently register vehicles.

 NTSA admitted that its database had been infiltrated and that some vehicles got into the system without following the laid-down procedures.

NTSA, in a statement, listed  37 names of individuals and companies whose data was used to  register vehicles fraudulently.

The scandal raises questions on the safety of motorists’ data in the TIMS register.

Just last year, the then Interior CS Fred Matiang’i called for investigations after it emerged that some NTSA employees had colluded with KRA officials and  car dealers to clone car number plates.

One of the cars with duplicated plates was used during the Dusit D2 attack.

The NTSA circular listed 42 vehicles  issued with new number plates when they were destined for other countries including South Sudan, Uganda, Malawi, Uganda, Burundi, the DRC and Tanzania.

Last year, police impounded hundreds of vehicles after it emerged that their number plates had been cloned or they were fraudulently registered.

Some 19 NTSA employees were arrested in connection to the plate-cloning ring but they were later released.

Source link

The post #hacking | NTSA arrests reveal reluctance to upgrade number plates system appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Ryuk Ransomware behind Attack on Florida Library System

Source: National Cyber Security – Produced By Gregory Evans

(TNS) — The cyberattack that took down public-access computers at Volusia County, Fla., libraries last month involved ransomware that has elicited millions of dollars in ransom payments from governments and large businesses.

Volusia County officials say they’ve referred the attack to law enforcement, but would not say which agency is investigating. Emails provided in response to a public-record request indicate the library computers were infected by Ryuk ransomware. The county will not say whether it has made a ransom payment.

“Because it’s under investigation, we have no comment at this time,” said Kevin Captain, a county spokesman in an emailed response to a question about ransom.

Captain confirmed the county’s insurance deductible is $100,000. “The county has no confirmation of cost at this time but will at a later date,” Captain said.

Volusia County provided The News-Journal hundreds of pages of emails about the ransomware incident, some of it redacted because of the ongoing criminal investigation.

At 8:44 a.m. Jan. 9, Brian Whiting, director of information technology at Volusia County, wrote an email to support desk staff stating: “The Volusia County Library is currently being cyber attacked by Ryuk, an attack propagated frequently via email phishing attack.”

Later that day, in another email, Whiting says the IT department has detected “a ten-fold increase in attempted attacks over the past month or so.”

Twenty servers and about 600 computers were encrypted — essentially locked up — by the ransomware. The county was able to restore about 50 computers used by library staff to conduct business, such as checking books in and out, but the public-access terminals would remain down for about two weeks.

One of Volusia officials’ first calls reported the incident to the Center for Internet Security’s Multi-State Information Sharing and Analysis Center (MS-ISAC) in East Greenbush, New York. The Center for Internet Security is a nonprofit organization that works to safeguard private and public organizations against cyber threats.

An emergency response team from MS-ISAC got involved.

Volusia officials soon also contacted their London-based claims adjuster, CFC Underwriting, which became involved in approving expenditures on outside security firms to assist with bringing the system back. Solis Security in Austin, Texas, was also brought into the loop.

And at some point, the county notified the Department of Homeland Security about the incident, according to an email written by Andrew Krasucki of CFC Underwriting.

An email from Joshan Heer of CFC Underwriting to county officials summarized what had been found by midday Jan. 10:

Encryption of the Volusia library computers began at around 1:30 a.m. on Jan. 9, and a ransomware note had been left on a desktop by 7 that morning.

File extensions had been changed to .ryk, indicating the Ryuk ransomware. Volusia County IT staff shut down and disconnected all the computers from the county network.

“It is believed sensitive data is not at risk due to (redacted),” Heer wrote, adding that would have to be confirmed.

“Those who’ve used public-access computers on a network that’s been hit by Ryuk probably don’t have much to worry about,” said Brett Callow, a threat analyst with Emsisoft, a New Zealand-based anti-malware company. “The Ryuk operators have not been known to steal data.”

Cyber defense experts say Ryuk has been used in hundreds of attacks on U.S. governments and businesses since 2018, and in some cases the criminal gang of hackers responsible for the attacks have been paid handsomely.

The cost of these attacks in 2019 was estimated by Emsisoft at $7.5 billion.

At least three Florida municipalities were victimized in June 2019 alone, including:

  • Riviera Beach, a Palm Beach County city of 35,000, which paid 65 bitcoins – or about $600,000 – in exchange for a decryption key from the attackers.
  • Lake City in northern Florida paid about $460,000 in bitcoin to recover data and computer operations.
  • Key Biscayne – a town on a barrier island near Miami – was hit and spent money trying to restore its network.

While it is unclear whether Volusia paid a ransom, Krasucki’s email of Jan. 13 indicated the county might have had a way to restore its data.

“A system state backup stored on an external drive will be utilised to rebuild the active directory structure and the domain controller servers,” Krasucki wrote.

Callow said Ryuk is commonly used in attacks on both the public and private sector and accounts for between 15% and 25% of all ransomware incidents.

SentinelOne, another cybersecurity firm, reported Ryuk ransomware “is largely responsible for the massive increase in ransomware payments.” Where many cyber criminals demand $10,000 to remove the encryption on computer systems, Ryuk operators “demand an average of $288,000 for the release of systems.”

Yet another cyber defense firm, CrowdStrike, identifies the perpetrator of Ryuk as “Wizard Spider,” a Russia-based criminal group.

Callow said exactly who’s deploying Ryuk remains an open question.

“There’s speculation that the group behind Ryuk – and it does appear to be a single group – has Russian ties, but it is just speculation. Attribution is always extremely hard,” he wrote in an emailed response to questions.

“For example, some ransomware contains language exclusions and will not encrypt files if the operating system uses one of a number of specified languages – (post-Soviet) countries, Iran, etc.,” he wrote. “That could indicate origin – groups not wanting to poop in their own backyards – or it could be a false flag designed to misdirect law enforcement.”

Unlike other ransomware, which contain flaws in the encryption allowing security companies to create tools to recover data without needing to pay ransom, Ryuk has no such flaws, Callow said.

“The encryption is perfectly implemented and, consequently, the only way to recover data is to restore it from backups (assuming they were not deleted/encrypted during the attacks) or to pay the ransom,” Callow said.

©2020 The News-Journal, Daytona Beach, Fla. Distributed by Tribune Content Agency, LLC.

Source link

The post #school | #ransomware | Ryuk Ransomware behind Attack on Florida Library System appeared first on National Cyber Security.

View full post on National Cyber Security

#comptia | #ransomware | Baton Rouge college’s computer system attacked | State Politics

Source: National Cyber Security – Produced By Gregory Evans

With a week to go before final exams, ITI Technical College, a private Baton Rouge vocational college, is going back to paper, at least partially until its computer system is fully restored after being the latest Louisiana institution victimized by ransomware.

ITI Vice President Mark Worthy said Tuesday the college’s computer personnel were working to get all the servers in the system back up and are making progress. But in the meantime, since many on staff began before automation, they’re starting to go through the documents that backup the databases to ensure that grades are recorded and financial aid gets to the right people.

“Full functionality? Not sure when because of the complexity,” Worthy said. Some of the critical systems are coming back online. Classes for the 605 students are continuing. Communications, however, have been crippled, so administrators are visiting classrooms to convey information.

What’s taking time is that the technicians are reconnecting each server for computers used by students and administrators on the six-acre campus only after checking to ensure the code is clean.

Monday’s ransomware attack, which crippled about 10% of the state’s computer network servers just hours after votes were tallied in statewide …

Technicians traced the ransomware attack back to the Czech Republic. The attackers replicated an employee’s contact list and sent out emails to faculty and staff that looked like the real thing. The messages asked the reader to click on an expected report, which one of the employees did on Monday, Jan. 27. In the dark hours of the following Wednesday morning, the school’s IT administrator was checking the network, as she usually does, and found suspicious activity. She disconnected all the servers from the internet, then started looking for the impacted systems, Worthy said.

But the ransomware was able to encrypt some of the databases and keep the school from accessing their files. Eventually, the techs found a message to contact the attackers for instructions on how and how much to pay to regain access to the databases. “We won’t pay and we won’t contact these criminals,” he said.

Initially, Worthy offered to hire specialists to work on the problem. But his IT staff argued that they would be more familiar with the architecture of the system. Besides, the school teaches information technology and has faculty and staff able to handle the problem.

Unlike, the City of New Orleans or state government, both of which were hit by ransomware attackers, ITI is a privately owned college. State government’s teams and experts are not available to the school.

Gov. John Bel Edwards is expected to discuss cybersecurity Wednesday in a speech before the Louisiana Municipal Association, whose members include several localities hit with crippling cyber-attacks.

“We’re running this rodeo on our own,” Worthy said. “Fortunately, we teach IT, so we have a lot of really, really sharp people already on staff.”

Worthy said ITI would be contacting police and the FBI after the system is back up and the incriminating evidence is collected.

Similar ransomware attacks have previously crippled Louisiana state agencies, city governments, and school systems.

When the first signs of a massive cyberattack became apparent in the Tangipahoa Parish School System’s computers, administrators thought it wa…

Two days before commencement ceremonies, Baton Rouge Community College leaders learned that its computers were cyberattacked by ransomware.

In November roughly 1,500 of the state’s 30,000 computers were infected by cyber attackers. The hackers blocked access to the state’s data until a ransom was paid. The state refused to pay but had to shut down systems that disrupted state services, such as slowing delivery of food stamps, as well as closing the Office of Motor Vehicles for several weeks.

In December, the City of New Orleans shut down its computer systems while technicians cleaned the ransomware out of code and reloaded the information onto city computers.

State officials plan to re-open eight of its main Office of Motor Vehicles locations Monday, a week after a cyberattack crippled Louisiana sta…

Source link

The post #comptia | #ransomware | Baton Rouge college’s computer system attacked | State Politics appeared first on National Cyber Security.

View full post on National Cyber Security

What’s behind Putin’s old-school operating system? – Naked Security

Source: National Cyber Security – Produced By Gregory Evans When it comes to computing, Vladimir Putin is old-school. Reports surfaced this week that the president of Russia is still using Windows XP as his primary operating system. Photos released by the 67-year-old world leader’s press service showed the operating system, released in 2001, running on […] View full post on

#cybersecurity | hacker | Is 5G the security silver bullet for system integrators in the West?

Source: National Cyber Security – Produced By Gregory Evans

U.S. vs. China heavyweight
fight not ending soon

As we endure the ongoing U.S.
vs. China trade talks, it has become increasing clear that the U.S.
administration’s on-again off-again relationship with China is not going to
change.  The U.S. is seeking a reset
in its relationship with China
including better protections for American IP,
and Huawei has become a victim of this reset.

This ongoing instability has
resulted in having the Five Eyes’ (United States, Britain, Canada, New Zealand
and Australia) decision
not to use technology from Huawei in the “sensitive” parts of their telecoms
networks.  The U.S. told allies not to
use Huawei for fear of Chinese spying through the back doors of the equipment.

The key to share shift is

Now let’s look at the U.S. vs.
China spat through the lens of wireless system integrators.  Ericsson and Nokia have long been dominant
players in world since 2G.  Huawei made
significant share increases in APAC with LTE deployments and to a lesser extent
in Latin America, Africa and Eastern Europe. 
Now LTE deployments (first national deployments begun in 2009) are
largely complete. 

The networks are built, the vendors
are selected, and their services are up and running.  Global market share is set, for now.  Now enter the 5G major deployments for 2020.  New 5G vendors are performing acceptance
testing on initial deployments imminently at this very moment, and this represents
the biggest chance in 10 years for any of the major vendors (Ericsson, Nokia,
Huawei, Samsung, Cisco) to gain share.

Enterprise fears and China

Once we accept that Huawei’s position
in the cross hairs of the U. S. administration isn’t changing, there are two
aspects we must consider.  First, though
Huawei’s executives have made multiple statements saying there are no back
doors to their equipment, two Chinese laws- the 2017 National Intelligence Law
and the 2014 Counter Espionage Law -remain very problematic for the
company.    Some of the most troubling language is
content like Article 22 which states:

“When the state security organ investigates and understands
the situation of espionage and collects relevant evidence, the relevant organizations
and individuals shall provide it truthfully and may not refuse

Legal experts
have interpreted this as a legal basis upon which the Chinese government could
compel any Chinese company including Huawei to share any and all customer data from equipment deployed both inside China
and throughout the rest of the world.

With the understanding that
Huawei may have a legal obligation to share customer data with the intelligence
wing of the Chinese government, non-Chinese vendors gain a distinct advantage.  Because enterprises believe they can be and
are being penetrated (Radware research
found that 67% of C-Suite executives believe their networks can be penetrated
by hackers).  Cisco, Nokia, Ericsson and
others can differentiate themselves by developing a superior security offering.  And they can make a statement to Service
Providers that Huawei never can: “We will never share any customer data with
any foreign governments and have ZERO legal obligation to do so.”

Once Cisco, Ericsson, Nokia
and others embrace this statement, Service Providers will clearly understand they
can build superior, high quality, agile security services with Western vendors. 

Thousands of security
instances, when and where you need them

As Service Providers build
out their new 5G core networks, many will build out thousands of Mobile Edge
Compute (MEC) nodes across the network. 
These MECs give the Service Providers a service edge that is geographically
very close to tens of thousands of enterprises, and that sees all the
applications flowing in and out of the enterprise.  This becomes an ideal point to insert a
security instance at the network, or application layer (or both) to inspect
traffic in real-time as it enters and exits the enterprise.  When the security instance sees any anomaly,
it can signal to the orchestration layer to spin up an enforcement instance to
clean the traffic and block the offending IP address (or whatever action is
required by the pre-programmed security policy).

In addition, the MEC nodes
are effectively distributed private cloud instances.  As such, they enable Service Providers to
deploy this highly valuable security service as a completely software-based
cloud solution.  This results in a
significantly lower cost service with new business models in which enterprises could
pay for a monitoring only service that increases to an additional enforcement
service just for the actual minutes spent thwarting an attack.  This opens new avenues for revenue to
businesses that see themselves as vulnerable, but can only afford a small
amount per month to monitor their applications.

Increase growth 30X? Yes

Managed Security Services are
going through a period of explosive growth. 
For example, Akamai saw 29%
growth YoY
in its most recent quarter.

In an environment where large
Service Providers are growing
overall revenues
in the low single digits, a high value, high margin service
growing almost 30X faster than the overall company is very attractive. 

Cisco, Ericsson, Nokia and
other non-Chinese vendors have a unique opportunity to lead with security in
their 5G MEC applications.  This will
enable them to differentiate against Huawei with the superiority of their
offerings and the ability to provide peace of mind from foreign government
hacking that clouds Huawei networks.  It
truly is a great opportunity for Western network equipment vendors to:

  • Gain 5G share
  • Help Service Providers
    build a superior high value security service
  • Differentiate
    themselves as the pro security, pro privacy vendors for Service providers in an
    environment where most enterprises see themselves as vulnerable.

Original Source link

The post #cybersecurity | hacker | Is 5G the security silver bullet for system integrators in the West? appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Town Hit by Ransomware; System Shut Down to Limit Damage – East Greenwich News

Source: National Cyber Security – Produced By Gregory Evans By Elizabeth F. McNamara Town Manager Andrew Nota said Saturday the town had been hit with computer ransomware and had shut down the system townwide to evaluate the damage and rebuild. “There have been numerous system breaches in municipalities in Rhode Island, New England and nationally […] View full post on

#cybersecurity | #hackerspace | Analyst Discusses Reporting Hack Of Computer System At Indian Nuclear Reactor | Avast

Source: National Cyber Security – Produced By Gregory Evans This week a report of hackers gaining access to an Indian nuclear power plant’s computer network led to alarm, confusion, and denial before officials admitted the hack took place. The threat analyst who reported the issue experienced a unique vantage point in the middle of that […] View full post on

#hacking | Man sentenced for hacking LA court system

Source: National Cyber Security – Produced By Gregory Evans

LOS ANGELES (AP) — A man who hacked Los Angeles County court computers, sent 2 million malicious phishing emails and stole hundreds of credit card numbers has been sentenced in Los Angeles.

Oriyomi Aloba received a 12-year federal prison sentence Monday.

Authorities say the 33-year-old Katy, Texas, resident hacked the Superior Court computer system in 2017, compromised one worker’s email account and used it to send out phishing emails that obtained email addresses and passwords from hundreds of other workers.

Their accounts were then used to send out 2 million emails pretending to be from American Express, Wells Fargo and other companies to obtain banking and credit card information.

Prosecutors say Aloba’s hacking substantially disrupted the court system at a cost of tens of thousands of dollars.

Copyright © 2019 The Associated Press. All rights reserved. This website is not intended for users located within the European Economic Area.

Source link

The post #hacking | Man sentenced for hacking LA court system appeared first on National Cyber Security.

View full post on National Cyber Security

Local #company’s #system #hacked; employee #info #stolen

Source: National Cyber Security – Produced By Gregory Evans

 Green Bay Police say they are investigating the hacking of a local corporation’s computer network, resulting in the theft of “significant amounts of money” from victims in the organization.

Police did not immediately identify the company that was attacked. Action 2 News will work to find that out.

Officers say the hackers stole human resources information.

“In this case, it appeared the cyber actors utilized a known vulnerability to access the company’s computer systems and human resources software to steal personal identifying information from employees,” reads a statement from Capt. Jeremy Muraski.

Police say the vulnerability was a known issue and a security patch had not been installed and updated.

“This incident demonstrates how vital it is to maintain public facing computer systems with the latest security patches from the server companies as cyber actors will attempt to use exploits as long as they are finding vulnerable systems,” reads the statement from Capt. Muraski.

The post Local #company's #system #hacked; employee #info #stolen appeared first on National Cyber Security .

View full post on National Cyber Security

Hack of #Baltimore’s 911 #dispatch system was #ransomware #attack, city #officials say

The hack that forced Baltimore’s 911 dispatch system to be temporarily shut down over the weekend was a ransomware attack, city officials said Wednesday.

Such attacks — another of which occurred in Atlanta last week — take over parts of private or municipal computer networks and then demand payment, or ransom, for their release.

Frank Johnson, chief information officer in the Mayor’s Office of Information Technology, said he was not aware of any specific ransom request made by the hackers of Baltimore’s network, but federal authorities are investigating.

“The systems and the software and the files are all being investigated by the FBI right now,” Johnson said.

No personal data of city residents was compromised, he added.

Dave Fitz, an FBI spokesman, could not be reached Wednesday. On Tuesday, Fitz said the agency was aware of the breach and providing assistance to the city, but otherwise declined to comment.

The attack infiltrated a server that runs the city’s computer-aided dispatch, or CAD, system for 911 and 311 calls. The system automatically populates 911 callers’ locations on maps and dispatches the closest emergency responders there more seamlessly than is possible with manual dispatching. It also relays information to first responders in some cases and logs information for data retention and records.

The breach shut down the CAD system from Sunday morning until Monday morning, forcing the city to revert to manual dispatching during that time. While the city’s 911 calls are normally recorded online on Open Baltimore, the city dispatch logs stopped recording them at 9:54 a.m. Sunday and didn’t resume recording them again until 7:42 a.m. Monday.

Johnson said the attack was made possible after a city information technology team troubleshooting a separate communications issue with the server inadvertently changed a firewall and left a port, or a channel to the Internet, open for about 24 hours, and hackers who were likely running automated scans of networks looking for such vulnerabilities found it and gained access.

“I don’t know what else to call it but a self-inflicted wound,” Johnson said. “The bad guys did not get in on their own without the help of someone inadvertently leaving the door open.”

Once the “limited breach” was identified, city information technology crews “were able to successfully isolate the threat and ensure that no harm was done to other servers or systems” on the city’s network, Johnson said. And once “all systems were properly vetted, CAD was brought back online.”

Johnson said the city “continues to work with its federal partners to determine the source of the intrusion.”

The Baltimore hack comes amid increasing hacking of municipal systems across the country, and follows one in Atlanta last week that paralyzed that city’s online bill-payment system, with hackers demanding a $51,000 payment in bitcoin to unlock it. That attack occurred Thursday, and Atlanta employees only turned their computers back on Tuesday.

Johnson said his office works diligently to prevent cyberattacks and is looking to invest more in safeguarding its networks.

Baltimore also faced cyberattacks during the unrest in 2015, when its website was taken offline. Johnson said he was unaware of any other successful attacks on the city’s networks. He said the city would be obligated to disclose any attacks that compromised residents’ personal information, health information or crime data.

Johnson said he feels the city recovered well from the breach once it was identified, but that he did not want to go into detail about what was done lest he expose the city to more attacks.

The city has a $2.5 million contract with TriTech Software Systems to maintain its CAD software and provide “technical support services to ensure the functional integrity” of the city’s CAD system.

Scott MacDonald, TriTech’s vice president of public safety strategy, said the company worked with city IT personnel to shut down the CAD software after the attack. The breach was not related to the company’s software, MacDonald said.

“When we were alerted of it, it was reported that the server had some sort of compromise,” he said. “Our techs connected and worked with the IT staff there, and the CAD system was taken down manually, in combination between our staff and theirs, while the servers could be troubleshooted by the city.”


The post Hack of #Baltimore’s 911 #dispatch system was #ransomware #attack, city #officials say appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures