D2
A ransomware attack against the widely used payment processor AFTS has sparked data breach notifications from numerous cities and agencies within California and Washington.
Automatic Funds Transfer Services (AFTS) is used by many cities and agencies in Washington and other US states as a payment processor and address verification service. As the data used for billing and verifying customers and residents is wide and varied, this attack could have a massive and widespread impact.
The attack occurred around February 3rd when a cybercrime gang known as 'Cuba ransomware' stole unencrypted files and deployed the ransomware.
The cyberattack has since caused significant disruption to AFTS' business operations, making their website unavailable and impacting payment processing. When visiting their site, people are greeted with a message stating, "The website for AFTS and all related payment processing website are unavailable due to technical issues."
BleepingComputer discovered that the attack was conducted by a cybercrime operation known as 'Cuba Ransomware' after the hackers began selling AFTS' stolen data on their data leak site.
Like other human-operated ransomware, Cuba will breach a network, spread slowly through servers while stealing network credentials and unencrypted files, and finally end the attack by deploying the ransomware to encrypt devices.
If the ransomware gang cannot find a buyer for the data, they will likely release it for free, allowing the data to be used by other threat actors.
Affected cities and agencies
Due to the large amount of potential data allegedly stolen by the Cuba Ransomware operation, cities utilizing AFTS as their payment processor or address verification service have begun disclosing potential data breaches.
The potential data exposed varies depending on the city or agency, but may include names, addresses, phone numbers, license plate numbers, VIN numbers, credit card information, scanned paper checks, and billing details.
Below we have listed the cities and agencies that have released data breach notifications, with more likely to follow in the future.