Gloversville, NY Hit by Ransomware Attack; City Pays $150K to Recover Stolen Data
The city of Gloversville, New York, disclosed a ransomware attack after a digital ransom note was discovered by its finance commissioner on March 14. The breach compromised sensitive data, including personal information, payroll records, direct deposit details, and account numbers of all current and former city employees affecting over 3,000 individuals.
Upon detecting the incident, Gloversville officials reported the attack to the FBI, New York State Police, and Homeland Security cyber experts. On March 18, authorities instructed the city to retain specialized cybersecurity and legal firms to manage the response. Investigators suspect the threat actors operate from Eastern Europe and are exploring ways to track the ransom transaction to recover funds and identify the perpetrators.
After negotiations, the city’s legal and security teams recommended paying the ransom, which was initially demanded at $300,000. The Gloversville City Council approved a $150,000 payment, and the stolen data was subsequently recovered and decrypted. As part of the response, affected employees were offered one year of credit monitoring and identity theft protection.
The investigation remains ongoing.
Source: https://www.news10.com/news/fulton-county/city-of-gloversville-hit-by-ransomware-attack/
City of Gloversville cybersecurity rating report: https://www.rankiteo.com/company/city-of-gloversville
"id": "CIT1768613966",
"linkid": "city-of-gloversville",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '3000+ individuals (current and '
'former city employees)',
'industry': 'Public Sector',
'location': 'Gloversville, New York, USA',
'name': 'City of Gloversville',
'type': 'Government'}],
'customer_advisories': 'Affected employees offered one year of credit '
'monitoring and identity theft protection',
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'number_of_records_exposed': '3000+',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal information, payroll '
'records, direct deposit details, '
'account numbers'},
'date_detected': '2024-03-14',
'description': 'The city of Gloversville, New York, disclosed a ransomware '
'attack after a digital ransom note was discovered by its '
'finance commissioner on March 14. The breach compromised '
'sensitive data, including personal information, payroll '
'records, direct deposit details, and account numbers of all '
'current and former city employees affecting over 3,000 '
'individuals.',
'impact': {'data_compromised': 'Personal information, payroll records, direct '
'deposit details, account numbers',
'financial_loss': '$150,000',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'motivation': 'financial gain',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_demanded': '$300,000',
'ransom_paid': '$150,000'},
'references': [{'source': 'Cyber incident report'}],
'response': {'law_enforcement_notified': 'FBI, New York State Police, '
'Homeland Security cyber experts',
'recovery_measures': 'Credit monitoring and identity theft '
'protection for affected employees',
'remediation_measures': 'Ransom payment, data recovery and '
'decryption',
'third_party_assistance': 'Cybersecurity and legal firms'},
'threat_actor': 'Eastern European threat actors',
'title': 'Gloversville, NY Hit by Ransomware Attack; City Pays $150K to '
'Recover Stolen Data',
'type': 'ransomware'}