Gemeente Buren: Perpetrators of ransomware attack used stolen credentials
The Gelderland municipality of Buren announced the cause of the ransomware attack in April on Wednesday. The perpetrators used stolen credentials from the software supplier to gain access to the municipality’s system.
The investigation into the attack was completed this week. It revealed that the hackers used stolen credentials from the software vendor to break in and install the ransomware. The account used by the criminals did not have two-step verification enabled, reports the municipality. The municipality does not say which software supplier it concerns.
At the beginning of April, the municipalities of Buren and Neder-Betuwe were hit by a ransomware attack. Three weeks later it turned out that there were 130GB of data from Gemeente Buren on the dark web. The government agency’s system stored 1,331 copies of passports and IDs. The municipality has offered affected citizens to have it replaced free of charge.
Mayor Josan Meijers does not rule out that even more data may turn up on the dark web. On the advice of cyber security experts and the national government, the municipality has not negotiated with the perpetrators. It is not yet known who is behind the attack.