Ransomware Attack Disrupts City of Coon Rapids Services and Exposes Data

Incident Date: June 29, 2024

Overview

Victim: City of Coon Rapids

Attacker: INC Ransom

Location: Coon Rapids, Minnesota, USA

First Reported: June 29, 2024

Ransomware Attack on City of Coon Rapids by INC Ransom

Overview of the City of Coon Rapids

The City of Coon Rapids, located in Anoka County, Minnesota, is a significant municipal entity within the Minneapolis–Saint Paul metropolitan area. With a population exceeding 62,000, it is the sixth-largest city in the state. Incorporated in 1952, Coon Rapids provides a comprehensive range of services to its residents, including public safety, public works, community development, parks and recreation, environmental services, administrative services, community services, and public information. The city is known for its extensive park system, featuring over 60 parks and 35 miles of trails, and the Coon Rapids Dam Regional Park along the Mississippi River.

Details of the Ransomware Attack

On July 1, 2024, the City of Coon Rapids fell victim to a ransomware attack orchestrated by the notorious INC Ransom group. The group publicly claimed the attack on its dark web leak site. While the exact size of the data leak remains undisclosed, the group has estimated the city's revenue at $40.9 million, indicating the potential scale of the breach. The attack has raised significant concerns about the security of municipal services and the potential impact on the city's operations and residents.

About INC Ransom

INC Ransom is a highly sophisticated cybercriminal group known for its targeted ransomware attacks on various sectors, including healthcare, education, government entities, and technology companies. The group employs advanced techniques such as spear-phishing campaigns, exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler, and using both Commercial Off-The-Shelf (COTS) software and legitimate system tools for reconnaissance and lateral movement within networks.

Potential Vulnerabilities and Attack Penetration

The City of Coon Rapids, like many municipal entities, operates a complex network of services and systems, making it a lucrative target for ransomware groups. Potential vulnerabilities could include outdated software, insufficient cybersecurity measures, and a lack of employee training on recognizing phishing attempts. INC Ransom likely penetrated the city's systems through a combination of these vulnerabilities, leveraging its expertise in exploiting known software flaws and conducting sophisticated phishing campaigns to gain initial access. Once inside, the group would have used legitimate system tools to move laterally within the network, identifying and exfiltrating sensitive data before deploying its ransomware payload.

Impact on the City of Coon Rapids

The ransomware attack on the City of Coon Rapids has significant implications for the city's operations and its residents. Public safety services, including police and fire departments, public works, community development, and other essential services, could be disrupted. The potential exposure of sensitive data also raises concerns about privacy and the security of personal information. The city will need to undertake extensive efforts to recover from the attack, including restoring systems, enhancing cybersecurity measures, and addressing any data breaches.
