Connecticut city of West Haven assessing impact of cyberattack

The government of West Haven, Connecticut, says it is investigating a cyberattack that recently forced it to temporarily shut down all of its IT systems. 

In an update on January 11, Mayor Dorinda Borer said “an IT system security incident” on an unspecified day had forced the shutdown. The city initially said in a Facebook post on December 26 that the government was “experiencing a network disruption.”

The city is still assessing what data might have been affected by the incident, the update said.

“As a result of the city’s established practices and general preparedness for a situation like this, the systems impacted by this incident were backed up in a manner that allowed for all systems to be operational within a few days,” the city said. 

The city of more than 50,000 residents near New Haven and Yale University did not respond to requests for comment about whether the incident was a ransomware attack. 

The statement from January 11 said more information will be released once the investigation has been completed. 

The attack was claimed by the Qilin ransomware group on January 11. The group drew international outrage last summer after it disrupted healthcare across London by attacking blood testing giant Synnovis. 

Sensitive healthcare data for nearly 1 million people was leaked after the attack and more than 1,100 operations were postponed due to the lack of Synnovis’ pathology services. Qilin actors allegedly demanded a $50 million ransom.

The gang emerged in 2022 as a ransomware-as-a-service operation and has targeted a variety of organizations across the U.S. and Europe. Cybersecurity experts infiltrated the group’s systems in 2023 and found ransom demands amounting to millions of dollars. 

Experts tracked at least 25 confirmed attacks by Qilin, with more than 100 additional unconfirmed incidents launched by the group’s hackers.

The attack on West Haven comes as several U.S. municipalities report holiday cyber incidents. Elsewhere in New England, the Massachusetts town of Bourne reported on January 11 that its IT network had been compromised.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
