BitPaymer Cyberattack in Alaska
News | 08/03/2018

Alaskan Town Re-live Typewriter days- Bitpaymer virus on large!

About: A malicious computer cryptovirus identified as BitPaymer ransomware is known to have made Alaskan Town Re-live Typewriter days. On 24th July 2018, Matanuska-Susitna (Mat-Su) borough, an Anchorage Metropolitan Area in Alaska was hit by this malicious ...  Read More  

| News | Alaskan Town Re-live Typewriter days- Bitpaymer virus on large!

BitPaymer Cyberattack in Alaska

A malicious computer cryptovirus is known to have hit Matanuska-Susitna (Mat-Su) borough, an Anchorage Metropolitan Area in Alaska on July 24th 2018. The discovery of the ransomware attack led Borough’s government networks and IT staff to shut down largely affected IT systems. Servers were the first to loose connectivity  followed by phones, email id, and Internet access!

The security team is steadily working to  cope with the compromised systems and to get them cleaned and restore email, phones and Internet connection.

BitPaymer Cyberattack in Alaska – Multi-pronged, Multi-vectored Attack

BitPaymer Cyberattack in Alaska

Modus Operandi on the attack revealed that the virus exhibited a “Multi-pronged, Multi-vectored attack” trait that had the multiple aspects of viruses including dead man’s switch, Cryptolocker, time bomb and Trojan horse.

The malware was identified as BitPaymer ransomware that was first spotted in July last year. Culprits behind the design of this ransomware are suspected to be linked to the same criminal group that runs infamous Dridex banking Trojan.

BitPaymer Cyberattack in Alaska

The “Trojan” aspect of the BitPaymer ransomware was first detected by the anti-virus scans on July 17th 2018 on windows 7 machines.  Other traits of this multi-pronged virus however, were completely missed by anti- virus software scans.

Attack Repercussions:

  1. All user passwords were intentionally expired by the security team to compel users to change passwords for all admin and service accounts.
  2. An attempt was made to remove the discovered components of the virus with manually generated scripts. This attempt triggered the virus to launch its Crypto Locker component. Researchers speculate this trigger to be automated or suspect crooks to have been monitoring the activity and executed their Command and Control (C2) to launch the attack.

The results were devastating as 500 Mat-Su desktop workstations and 120 of 150 Mat-Su servers were dominated by the encryption. As a result, Mat-Su network was taken offline, FBI was notified, and the network rebuilding operation was initiated. Some data has been successfully recovered from the backups. There is no information regarding the demands of crooks being fulfilled to restore the infected system is not known.

  1. Cleaning and reinstallation of 650 desktop computers and servers located on the parts of the Mat-Su network that are believed to be affected is in progress.
  2. 110 employee workstations were cleaned and returned to service.
  3. The Phone server was rebuilt on 29th July 2018 and some Mat-Su phones were back online on 30th.
  4. Government was assisted to reconstruct its IT infrastructure by 20 different agencies and private sector vendors.

List of unaffected Networks

  1. Data stored with third-party providers like Payment card data remained safe.
  2. The Mat-Su official website remained unaffected.
  3. Though Mat-Su door lock card swipe system was compromised, but it continued to work seamlessly.

Still,  there are no evidences of attackers leaking the stolen data.

A Pat on the Back to Borough employees

Deprived of computers and files at the time of the devastation, Borough employees acted resourcefully. The use of age old technology: A typewriter was commendable. Lists of library book patrons, receipts and landfill fees were all prepared using typewriters.

BitPaymer Cyberattack in Alaska

Other attacks similar to BitPaymer Cyberattack in Alaska

Mat-Su Borough was victim number 210.

Researches revealed that the city of Valdez in Alaska experienced a similar attack. The traits of the attack resemble BitPaymer infection. The news came to light on July 28th 2018, when Valdez city officials confirmed about the attack in an official Facebook statement.

 

Hits: 223

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Jaipur
Rajasthan 302033
Phone: +91 9799661866