The Snatch group, a cybercrime operation, has claimed responsibility for a ransomware attack on the city of Modesto, but did not disclose how much data was taken or when it would be released.
Andrew Gonzales, legislative affairs manager for the Northern California city, said that the government was able to reduce the size, scope, and impact of the attack, but did not comment on whether a ransom would be paid or how high the ransom was.
Modesto officials reported computer system issues on February 10 and disconnected parts of the network in response.
The attack limited the police department, disabling their laptops and forcing them to use radios and write down details of dispatch calls by hand.
The breach began on January 31 and lasted until February 3, according to breach notification letters sent out on March 8, during which hackers accessed names, addresses, Social Security numbers, medical information, driver’s license numbers, and state-issued identification numbers. The city acknowledged the sensitivity of the information and said it would work with victims to secure their data going forward.
The Snatch group has been implicated in several high-profile attacks since 2019, including the Metropolitan Opera, a school district in Wisconsin, and Swedish automaker Volvo.
Allan Liska, a ransomware expert at Recorded Future, said that Snatch is one of the smaller ransomware groups and never moved to a ransomware-as-a-service model, which has allowed it to fly under the radar despite having been around since 2018.
Liska added that the group usually demands between $2,000 and $35,000 worth of bitcoin in its negotiations with Coveware, an extortion negotiation company.
