Friday, 03 July 2020 04:56

Two US local government bodies hit by DoppelPaymer, NetWalker

Image by Cija Tuttle from Pixabay

Cyber criminals appear to have used two different Windows ransomware packages — DoppelPaymer and NetWalker — to attack the City of Knoxville in Tennessee and Trinity Metro, a regional transportation authority of the state of Texas, respectively, and, in a familiar ploy, released screenshots of documents stolen from the two organisations.

The City of Knoxville is the largest in the East Tennessee region. Its website appears to be down at the moment, so there is no way of seeking any comment from the body.

Trinity Metro is not an agency or department of any of its member cities. It provides eight million passenger trips annually on buses, TEXRail, ZIPZONE services, ACCESS paratransit, vanpools and Trinity Railway Express.

TEXRail, which operates between Fort Worth and Dallas Fort Worth International Airport’s Terminal B, is owned and operated by Trinity Metro. TRE, which runs between Fort Worth and Dallas, is jointly owned and operated by Trinity Metro and DART.

The governing body is an 11-member board of directors with eight appointed by the Fort Worth City Council and three by Tarrant County Commissioners Court.

The Metro's contact form does not seem to be working at the moment.

Update, 5 July AEDT: Trinity Metro's name has now disappeared from the NetWalker site on the dark web, indicating that it may have paid the ransom that was demanded.

Both DoppelPaymer and NetWalker employ similar tactics: they exfiltrate data before encrypting documents and issuing ransom demands.

And if these are not met within a stipulated period, then the slow release of files begins as a pressure tactic.

In the case of Trinity Metro, the attackers have placed a deadline of 11 July before they publish the firm's data online.

In the City of Knoxville case, a large list of files has been released and more are said to be in the pipeline. In addition, the attackers have also listed the machines which were attacked, most of which run various versions of Windows Server dating from the 2008 version onwards.

Contacted for comment, Brett Callow, a regular iTWire commentator on ransomware attacks, said: "Audits and studies have repeatedly shown that US local governments practice cyber security poorly, which is why at least 113 of them were affected by ransomware last year."

Callow, who works as a threat analyst for the New Zealand-headquartered security shop Emsisoft, added: "This needs to change. If it does not, state and municipal entities will continue to be hit by ransomware and their data — and their residents' data — will continue to be stolen and published.

"But, alas, it seems that governments still haven't upped their security game. So far this year, at least 56 hit been hit, so it appears the 2020 numbers will be very similar to those of 2019."



Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.




