ALABAMA CITY PLANS TO PAY RANSOMWARE GROUP DESPITE WARNINGS
In a move that has sparked controversy and raised concerns about cybersecurity best practices, the City of Florence, Alabama, has decided to pay a staggering $300,000 ransom in Bitcoin to the cybercriminals who infiltrated and crippled its computer systems. This decision, made after an emergency city council meeting, comes despite numerous warnings from cybersecurity experts and even direct alerts that the city's IT infrastructure was vulnerable. The attack, attributed to the notorious DoppelPaymer ransomware gang, highlights the escalating threat of ransomware attacks targeting municipalities and other organizations across the nation. This incident emphasizes the importance of proactive cybersecurity measures and the difficult decisions organizations face when confronted with such devastating attacks. But what are the risks involved in paying the ransom? How could the city have avoided this situation? What are the broader implications of this decision for other cities vulnerable to cyber attacks? This article delves into the details of the Florence ransomware attack, exploring the factors that led to the decision to pay the ransom and the potential consequences for the city and beyond.
The Florence Ransomware Attack: A Detailed Breakdown
The City of Florence fell victim to a sophisticated ransomware attack on June 5th, an incident that effectively shut down its email system and crippled other vital IT infrastructure. The perpetrators, the DoppelPaymer ransomware gang, are known for their double-extortion tactics. This means they not only encrypt the victim's data but also steal sensitive information before launching the ransomware, threatening to publish or sell the stolen data if the ransom isn't paid. This strategy puts immense pressure on victims, forcing them to consider the potential reputational and financial damage caused by a data breach.
DoppelPaymer's Tactics and Impact
The DoppelPaymer group's approach is particularly damaging. By exfiltrating data before encryption, they increase the stakes significantly. Even if a victim has robust backups and can restore their systems, the threat of data exposure remains. This forces organizations to weigh the cost of the ransom against the potential costs of a data breach, including legal fees, regulatory fines, and loss of customer trust. In Florence's case, city officials cited the need to "preserve information tied to its city workers and customers" as a key reason for opting to pay the ransom.
The attack paralyzed essential city services, highlighting the vulnerability of municipalities to cyber threats. The shutdown of the email system, for instance, disrupted communication within the city government and with the public. Other critical services might have also been affected, depending on the extent of the network compromise. This demonstrates the real-world impact of ransomware attacks on daily life and the importance of ensuring the resilience of critical infrastructure.
Warnings Ignored: A Missed Opportunity for Prevention
A particularly concerning aspect of this case is that Florence was reportedly warned about vulnerabilities in its IT systems before the attack occurred. Cybersecurity firm KrebsOnSecurity alerted city officials in late May that their information technology systems had been infiltrated by hackers specializing in deploying ransomware. Unfortunately, these warnings were not heeded in time to prevent the attack.
The Critical Importance of Proactive Cybersecurity
This incident underscores the crucial need for proactive cybersecurity measures. It's no longer sufficient to simply react to threats as they arise. Organizations must actively seek out vulnerabilities, implement robust security protocols, and train employees to recognize and avoid phishing scams and other social engineering tactics. Delaying or ignoring security concerns can have devastating consequences, as Florence discovered.
Destry Winant from Risk Based Security attempted to assist but the timing was too late. “We were trying to get another [cybersecurity] response company involved, and that’s what we were trying to get through the city council on Friday when we got hit. Unfortunately, the city was simply too late in getting protected. In fact, the hacker group might have been in their network for weeks before launching the ransomware attack.”
Examples of proactive security measures include:
- Regular vulnerability assessments and penetration testing
- Implementing multi-factor authentication (MFA) for all critical systems
- Deploying endpoint detection and response (EDR) solutions
- Creating and regularly testing backup and recovery plans
- Providing comprehensive cybersecurity training to all employees
The Decision to Pay: Risks and Considerations
The Florence City Council's decision to pay the $300,000 ransom was undoubtedly a difficult one. While paying the ransom might seem like the quickest way to restore access to encrypted data and prevent the release of stolen information, it also carries significant risks.
Why Paying the Ransom Is Problematic
There are several reasons why cybersecurity experts generally advise against paying ransomware demands:
- No Guarantee of Data Recovery: Even after paying the ransom, there's no guarantee that the attackers will provide a working decryption key or that all stolen data will be returned. In some cases, the decryption key may be faulty, or the attackers may simply disappear after receiving payment.
- Funding Criminal Activity: Paying the ransom directly funds criminal organizations, incentivizing them to continue their malicious activities and target other victims.
- Becoming a Target for Future Attacks: Organizations that pay ransoms may be perceived as "easy targets" and become more likely to be targeted by future attacks.
- Legal and Financial Consequences: Depending on the cybercriminal group involved, making a ransomware payment could potentially violate U.S. sanctions laws and lead to legal and financial consequences. The Office of Foreign Assets Control of the U.S. Department of the Treasury monitors and regulates ransomware payments to cybercriminal groups.
Despite these risks, some organizations feel they have no other choice but to pay the ransom, especially when facing significant operational disruptions or the potential exposure of sensitive data. The Florence City Council seemingly felt that the potential consequences of not paying the ransom outweighed the risks associated with making the payment.
The Broader Landscape: Ransomware Attacks on the Rise
The attack on Florence is part of a broader trend of increasing ransomware attacks targeting municipalities, hospitals, and other organizations. Cybercriminals are increasingly sophisticated and relentless in their efforts to extort money from their victims.
Ransomware Statistics and Trends
Several factors contribute to the rise in ransomware attacks:
- The proliferation of ransomware-as-a-service (RaaS): RaaS platforms make it easier for even novice cybercriminals to launch ransomware attacks.
- The increasing sophistication of ransomware variants: New and more sophisticated ransomware variants are constantly emerging, making it more difficult for organizations to defend against them. Examples include Play Ransomware and BlackByte.
- The rise of double-extortion tactics: The threat of data exfiltration adds significant pressure on victims to pay the ransom.
- Remote work vulnerabilities: The shift to remote work has created new vulnerabilities that cybercriminals can exploit.
While the reported ransom payment amount reached $1.1 billion in 2023, the number of organizations that chose to pay the ransom dropped to a record low of 29% in Q4 2023 compared to 85% at the beginning of 2023, according to Coveware, a ransomware negotiation firm. This could be due to improved security practices and an understanding of the pitfalls involved in paying the ransom.
Alternatives to Paying the Ransom: Building a Strong Defense
While the decision to pay a ransom is often seen as a last resort, organizations should prioritize building a strong cybersecurity posture to prevent attacks from happening in the first place. There are several alternatives to consider.
Key Cybersecurity Strategies
Implementing a layered security approach can significantly reduce the risk of a successful ransomware attack:
- Robust Backup and Recovery Plan: Regularly back up critical data and test the recovery process to ensure data can be restored quickly in the event of an attack. Store backups offline and offsite to prevent them from being encrypted by ransomware.
- Network Segmentation: Divide the network into smaller, isolated segments to limit the spread of ransomware if one segment is compromised.
- Endpoint Security: Deploy endpoint detection and response (EDR) solutions on all devices to detect and block malicious activity.
- Vulnerability Management: Regularly scan for and patch vulnerabilities in software and hardware.
- Intrusion Detection and Prevention Systems (IDS/IPS): Implement systems to detect and block malicious traffic on the network.
- User Awareness Training: Train employees to recognize and avoid phishing emails, malicious links, and other social engineering tactics. Conduct regular phishing simulations to test their awareness.
- Incident Response Plan: Develop a comprehensive incident response plan that outlines the steps to take in the event of a ransomware attack. This plan should include procedures for isolating affected systems, notifying relevant stakeholders, and restoring data from backups.
These strategies, when implemented effectively, can significantly reduce the likelihood of a successful ransomware attack and minimize the potential damage.
The Legal and Regulatory Landscape of Ransomware Payments
The legal and regulatory landscape surrounding ransomware payments is complex and evolving. As mentioned previously, paying certain cybercriminal groups could violate U.S. sanctions laws, leading to legal and financial consequences. Therefore, consulting legal counsel is crucial before making a payment.
Staying Compliant with Regulations
Furthermore, organizations should be aware of reporting requirements related to data breaches. Many jurisdictions have laws requiring organizations to notify individuals and regulatory agencies in the event of a data breach involving personal information. Failure to comply with these regulations can result in significant fines and penalties.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI offer resources and guidance to help organizations understand the risks of ransomware and implement effective cybersecurity measures. Organizations should take advantage of these resources to stay informed and protect themselves from cyber threats.
Examples of Recent Ransomware Attacks
The City of Florence's unfortunate experience is not an isolated incident. Many other organizations have recently fallen victim to ransomware attacks, demonstrating the widespread nature of this threat.
- Texas Department of Transportation (TxDOT): Hit by a ransomware attack disrupting operations.
- Alabama Ophthalmology Associates: Suffered a data breach by the BianLian ransomware group, affecting nearly 132,000 individuals.
- Alabama Cardiovascular Group (ACG): Experienced unauthorized network access resulting in the exfiltration of sensitive data.
- City of Abilene, Texas: Faced a deadline to pay a Russian ransomware group to prevent the sharing of private information.
These examples highlight the diverse range of organizations targeted by ransomware attacks, from government agencies to healthcare providers to businesses of all sizes. No organization is immune to this threat.
What Can You Do? Actionable Steps for Businesses and Individuals
Protecting against ransomware attacks requires a multi-faceted approach that involves both individual and organizational efforts.
Practical Tips for Enhanced Security
Here are some actionable steps that businesses and individuals can take to improve their cybersecurity posture:
- For Businesses:
  - Conduct regular risk assessments to identify vulnerabilities.
  - Implement a layered security approach with robust firewalls, intrusion detection systems, and endpoint protection.
  - Enforce strong password policies and multi-factor authentication.
  - Provide regular cybersecurity training to employees.
  - Develop and test a comprehensive incident response plan.
  - Maintain offline backups of critical data.
  - Stay informed about the latest ransomware threats and vulnerabilities.
- For Individuals:
  - Use strong, unique passwords for all online accounts.
  - Enable multi-factor authentication whenever possible.
  - Be wary of suspicious emails and links.
  - Keep software and operating systems up to date.
  - Install and maintain antivirus software.
  - Back up important data regularly.
  - Educate yourself about phishing scams and other social engineering tactics.
By taking these steps, businesses and individuals can significantly reduce their risk of falling victim to a ransomware attack.
Conclusion: Learning from Florence's Experience
The City of Florence's decision to pay a $300,000 ransom highlights the difficult choices organizations face when confronted with ransomware attacks. While the city felt compelled to pay the ransom to protect its data, the incident serves as a stark reminder of the importance of proactive cybersecurity measures. The Florence case is an example of the consequences of ignoring warnings. Cybersecurity awareness, education and preemptive action are critical to protecting your organization from devastating attacks. No matter the size of your organization, implementing and continuously improving security practices is the only way to truly mitigate the ransomware threat. The alternative, as Florence discovered, can be a very expensive and damaging lesson. Prioritizing security now can save organizations both money and reputation in the long run. Ultimately, the key takeaway is that preventing ransomware attacks is far more effective and cost-efficient than responding to them after they occur.