Smart Parking Meter Vendor Data Stolen in Recent Ransomware Attack

A company known for selling smart parking meters and tech used by parking enforcement agencies became the victim of a ransomware attack. The hackers managed to expose some of the internal files on a website as proof of their deed.

The company in question, CivicSmart, is based in Milwaukee. It sells parking meters capable of mobile payments. They have software and hardware used to enforce parking rules and mobile apps used by government employees and motorists. The company was hit in March 2020, infected with the Sodinokibi ransomware. Messages posted on the REvil website, the threat actors behind the ransomware, showed the hackers leaked files to push the company to pay up.

REvil Publishes Data and Gets Paid a Ransom

The attack was spotted by Israeli security company Under the Breach but was undisclosed for a while. A screenshot of the website used by the attackers, called 'Happy Blog,' showed that they were preparing to publish a massive amount of data. CivicSmart had an alleged 159 gigabytes of data stolen from the company. A text file was shared with StateScoop, showing the names of folders pointing to employee records, bank statements, credit card numbers, contracts with parking garage vendors, and more. The hackers updated their page to show the company had paid the ransom, and the stolen files were taken down as a result.

The blog claims CivicSmart were 'pragmatic and real businessmen' because they admitted core mistakes and fixed 'all the vulnerabilities.' 'Try not to get into this blog,' the attackers smugly mentioned.

Along with the software and hardware provided by the company to parking authorities, CivicSmart offers its systems to mobile apps with drivers feeding the meter. Examples of those are Parking Panda and ParkMobile. Despite the data being removed from the attackers' website, customers are still at risk of more attacks and frauds. It is highly likely the criminals never really deleted the information, and that may be using it to monetize it further.

Sodinokibi/REvil is Becoming One of the Most Prevalent Ransomware

REvil or Sodinokibi is now one of the more harmful malware out there, making a name for itself over a year. Examples of that could be seen back in August 2019 when the malware was used to affect 23 Texas communities and to push them offline. The hackers behind the attacks moved their tactics to publish files online. That became a trend with more hackers, such as the ones behind the Maze ransomware. The Maze threat actors went the same way, publishing files belonging to the City of Pensacola in December 2019.

The City of Torrance in California saw a similar situation when they became victims of another ransomware. The stolen files may be used by hackers for spearphishing campaigns in the future against any agencies or businesses, infecting them with further ransomware. They may also be used for business email compromise campaigns. In many of these cases, they should be disclosed to allow potential victims to stay alert. It is unclear whether or not CivicSmart informed their customers since their chief executive Mike Nickolaus said he wasn't in a position to confirm or deny when he was interviewed.