The City of Gloversville, New York, experienced a ransomware attack earlier this year, discovered in March when a ransomware note was found on the city’s server. The attack, attributed to threat actors believed to be from Eastern Europe, compromised the personal information of current and former employees, including payroll records and account numbers. The city engaged consultants to negotiate a ransom demand of $300,000, ultimately paying $150,000 in exchange for the return of the stolen data. The incident was reported to the FBI, State Police, and the Department of Homeland Security’s Incident Response Team, with ongoing efforts to track the suspects and recover the ransom. The breach exposed sensitive employee data, posing significant risks to their financial security and privacy, while also straining the city’s resources and operational integrity.
Source: https://wnyt.com/top-stories/gloversville-hit-by-ransomware-attack/
TPRM report: https://www.rankiteo.com/company/gloversville-police-department
"id": "glo3792037102625",
"linkid": "gloversville-police-department",
"type": "Ransomware",
"date": "3/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'employees (current and former)',
'industry': 'public administration',
'location': 'Gloversville, New York, USA',
'name': 'City of Gloversville',
'type': 'government (municipal)'}],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['personal information',
'payroll records',
'account numbers']},
'date_detected': 'March 2024',
'date_publicly_disclosed': '2024-05-11',
'description': "The City of Gloversville's computer system was hit by a "
'ransomware attack earlier this year, compromising the '
'personal information of current and former employees. The '
'attack was discovered in March, with a ransomware note found '
'on the server. The city reported the incident to the FBI, '
'State Police, and the Department of Homeland Security’s '
'Incident Response Team. Attackers, believed to be from '
'Eastern Europe, stole employees’ personal information, '
'including payroll records and account numbers. The city '
'negotiated a ransom demand of $300,000, ultimately paying '
'$150,000 for the return of the stolen data.',
'impact': {'data_compromised': 'personal information of employees (current '
'and former), payroll records, account numbers',
'financial_loss': '$150,000 (ransom paid)',
'identity_theft_risk': 'high (personal information and account '
'numbers stolen)',
'payment_information_risk': 'high (account numbers compromised)',
'systems_affected': ['computer system', 'server']},
'initial_access_broker': {'high_value_targets': ['employee payroll records',
'account numbers']},
'investigation_status': 'ongoing (FBI tracking suspects and attempting to '
'recover ransom money)',
'motivation': 'financial gain',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': '$300,000',
'ransom_paid': '$150,000'},
'references': [{'date_accessed': '2024-05-11', 'source': 'WNYT News'}],
'regulatory_compliance': {'regulatory_notifications': ['FBI',
'State Police',
'Department of '
'Homeland Security’s '
'Incident Response '
'Team']},
'response': {'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['payment of ransom ($150,000) for data '
'return'],
'third_party_assistance': ['consultants (for ransom '
'negotiation)']},
'threat_actor': 'Unknown (believed to be from Eastern Europe)',
'title': 'Ransomware Attack on the City of Gloversville',
'type': 'ransomware'}