The morning of 1 Aug, I found an article in my feed about a ransomware attack against a municipality; specifically, Montclair Township in New Jersey. Ransomware attacks against municipalities are not new, and they can be pretty devastating to staff and citizenry, as well, and this is even before a ransom is paid. Services are impacted or halted, and I’ve even seen reports where folks lost considerable amounts of money because they weren’t able to get the necessary documentation to process the purchase of a home.
I decided to dig a bit and see what other information I could find regarding the issue, and the earliest mention I could find was this page from 6 June 2023 that includes a link to a video message from the mayor, informing everyone of a “cyber incident”. I also found this article from North Jersey dot com, reporting on the mayor’s message. Two days later, this article from The Record goes into a bit more detail, including a mention that the issue was not related to the MOVEit vulnerability.
At this point, it looks as if the incident occurred on 5 June 2023. As anyone who’s investigated a ransomware attack likely knows, the fact that files were encrypted on 5 June likely means that the threat actor was inside the environment well prior to that…2 days, 2 weeks, 2 months. Who knows. If access was purchased from an IAB, it could be completely variable, and as time passes and artifacts oxidize and decay, as the system just goes about operating, it can become harder and harder to determine that initial access point in time.
What caught my attention on 28 July was this article from Montclair Local News stating that had a bit of a twist on the terminology used in such incidents; rather, should I say, another twist. Yes, these are referred to many times as a “cyber incident” or “cyber attack” without specifically identifying it as ransomware, and in this instance, there’s this quote from the article (emph
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: