The Massachusetts city of Lowell has seen five gigabytes of “private and confidential data” leaked onto the dark web after a ransomware attack at the end of April that saw several of the city’s systems taken offline. The incident is the latest in a spate of ransomware attacks on US cities.

Lowell Town Hall, whose city is at the mercy of an ongoing cyberattack by the Play ransomware gang. (Photo by Wangkun Jia/Shutterstock)

Researchers have told Tech Monitor that public services in the US require higher security and that there are likely to be more attacks of this kind until funding is allocated to boost cyber defences.

Lowell’s data leaked online after Play cyberattack

Play has claimed responsibility for the ongoing cyberattack on Lowell, which began on 24 April. 

The public was told to “expect delays” as the city’s Management Information Systems Department isolated affected networks and took them offline.

The city began to restore services two days later, and brought in the FBI, as well as multiple state agencies, to help with “forensic assessment of the cyber-related incident”. 

Play took responsibility for the breach on 3 May, stating that if the city did not pay an undisclosed ransom, the gang would release citizens’ personal data onto the dark web.

The deadline for this release, 10 May, has now passed and some information gathered from Lowell’s systems has leaked online. 

It is likely the attackers are keeping more information in reserve, says Allan Liska, CSIRT at security company Recorded Future. “It’s the analogy of cutting off an ear and sending it to a kidnapping victim’s family,” he says. “They’re showing you they’re serious and they’ll do more damage if they don’t get paid.”

Latest in a spate of attacks on US cities

US councils have been popular targets for ransomware gangs in recent months. Curry County in the State of Oregon suffered a catastrophic cyberattack that saw its “digital footprint wiped away,” said Curry County Commissioner Brad Alcorn.

After the attack there was no email access, historical documents were gone and any online data or documents were unreachable. “We’ve got to essentially rebuild and start again from scratch,” Alcorn told NBC.

The perpetrators of this attack were Royal ransomware, the same cybercriminal gang that hit the city of Dallas in Texas, reportedly revealing the attack by sending a ransom note to printers at the council offices.

A statement released by the city said staff and vendors worked “throughout the weekend to ensure progress toward service restoration,” after all municipal courts were forced to close for a day due to the attack.

The city’s fire and police departments told local news outlets they were working with massive delays as a result of the incident.

Earlier this year Oakland in California suffered a similar breach at the hands of LockBit.

Tech Monitor contacted the local authorities involved in the recent breaches for comment.

Cybersecurity funding required in the US

Such frequent attacks on city systems are an indicator of how little funding the public services are receiving for cyber defence, says Matt Ellison, cybersecurity specialist at security vendor Corelight.

“Any public entity, but especially local governments, have to make extremely tough decisions about where to spend their money,” Ellison says. “Public cities are nothing like a corporate entity, their IT equipment will be spread across numerous different areas – education, police, fire, street maintenance, public housing and many more.” 

Chris Handscomb, solutions engineer at Centripetal, agrees. “Cybersecurity training and funding, particularly for regional level government departments has been entirely insufficient,” he says. “Although things are certainly improving it is fair to say that both the tangible security of networks, processes, communication mediums, and the level of awareness are woefully behind when compared with the private sector.”

Recorded Future’s Liska says that not only are cities poorly protected, but the complexity of their networks means increasing protection is tricky. “A modern city network, especially with a digitised city model, is really vast and interconnected,” he says. “That takes a lot to properly secure it, it’s very difficult to do that.” 

Steps are being taken in the US to help public services combat these criminal gangs. “There are a number of grant programs that CISA and other federal agencies have that will improve the security posture of towns and cities,” Liska says. “They’re also providing human resources.”

In the meantime, though, public services are likely to find themselves the victims of more attacks. “It takes longer than we’d like to get these issues solved,” Liska says.

This article originally appeared on Tech Monitor.