Summerville Police Hit by Embargo Ransomware: 1.7TB Data at Risk
Ransomware Attack on Summerville Police Department by Embargo Group
Victim Profile: Summerville Police Department
The Summerville Police Department (SPD) serves the town of Summerville, South Carolina, with a mission to protect and serve the community through integrity and professionalism. Led by Chief Doug Wright, the department is a significant part of the town's operations, with an annual budget allocation of over $11 million. The SPD is known for its community-oriented approach, engaging residents through various programs and initiatives aimed at fostering trust and public safety.
Attack Overview
The SPD recently fell victim to a ransomware attack orchestrated by the Embargo group. The attackers claim to have stolen over 1.7 TB of data, although town officials have found no evidence to substantiate this claim. The attack began on a Thursday morning, targeting the administrative systems of the police department. Thanks to the swift response from the town’s IT team, the attack was contained by the following day. Embargo has not provided any proof of the data theft, leaving room for skepticism.
Embargo Ransomware Group
Embargo is a relatively new entity in the digital extortion landscape, known for encrypting files and demanding ransom for decryption. Its ransomware is written in the Rust programming language, which is known for its security and speed. Embargo has targeted several organizations, including DME Delivers, and has operational similarities to the now-defunct ALPHV/BlackCat group. Its tactics involve not only demanding ransom but also threatening to leak stolen data.
Potential Vulnerabilities
The SPD's reliance on digital systems for administrative and operational functions makes it a potential target for ransomware attacks. The initial attack vector remains unclear, but common methods include phishing emails, exploiting software vulnerabilities, and using compromised credentials. The SPD's commitment to transparency and community engagement may also make it a target for threat actors seeking to disrupt public trust and safety.
Response and Investigation
Summerville is collaborating with state and federal cybersecurity experts to thoroughly investigate the incident. Despite the attack, all town services, including emergency and public works, continue to operate smoothly. Town officials are cautious about sharing too many details due to the ongoing investigation but assure residents that they are actively addressing the situation. Residents are encouraged to stay updated by following the town’s official communications.