Summerville Police Hit by Embargo Ransomware: 1.7TB Data at Risk

Incident Date: July 26, 2024

Overview

Victim: Town of Summerville Police
Attacker: Embargo
Location: Summerville, USA; South Carolina, USA
First Reported: July 26, 2024

Ransomware Attack on Summerville Police Department by Embargo Group

Victim Profile: Summerville Police Department

The Summerville Police Department (SPD) serves the town of Summerville, South Carolina, with a mission to protect and serve the community through integrity and professionalism. Led by Chief Doug Wright, the department is a significant part of the town's operations, with an annual budget allocation of over $11 million. The SPD is known for its community-oriented approach, engaging residents through various programs and initiatives aimed at fostering trust and public safety.

Attack Overview

The SPD recently fell victim to a ransomware attack orchestrated by the Embargo group. The attackers claim to have stolen over 1.7 TB of data, although town officials have found no evidence to substantiate this claim. The attack began on a Thursday morning, targeting the administrative systems of the police department. Thanks to the swift response from the town’s IT team, the attack was contained by the following day. Embargo has not provided any proof of the data theft, leaving room for skepticism.

Embargo Ransomware Group

Embargo is a relatively new entity in the digital extortion landscape, known for encrypting files and demanding ransom for decryption. The group uses the Rust programming language, which is known for its memory safety and speed. Embargo has targeted several organizations, including DME Delivers, and has operational similarities to the now-defunct ALPHV/BlackCat group. Its tactics involve not only demanding ransom but also threatening to leak stolen data.

Potential Vulnerabilities

The SPD's reliance on digital systems for administrative and operational functions makes it a potential target for ransomware attacks. The initial attack vector remains unclear, but common methods include phishing emails, exploiting software vulnerabilities, and using compromised credentials. The SPD's commitment to transparency and community engagement may also make it a target for threat actors seeking to disrupt public trust and safety.

Response and Investigation

Summerville is collaborating with state and federal cybersecurity experts to thoroughly investigate the incident. Despite the attack, all town services, including emergency and public works, continue to operate smoothly. Town officials are cautious about sharing too many details due to the ongoing investigation but assure residents that they are actively addressing the situation. Residents are encouraged to stay updated by following the town’s official communications.
