Smart parking meters company hacked and infected with ransomware

A major company that manufactures smart parking meters and other variants of parking control technology in various cities around the world suffered a cyber attack that led to the leaking of some confidential documents, in addition to leaving multiple systems encrypted with ransomware.

CivicSmart also integrates its systems with popular mobile apps that drivers use to power the meter, such as Parking Panda and ParkMobile.

The affected company is Milwaukee-based CivicSmart. This firm sells parking meters with functions such as mobile payment processing and that include hardware and software of its own development. The attack reportedly occurred with a variant of the Sodinokibi ransomware (also known as REvil). The leaked documents were posted on a website controlled by hackers; According to cybersecurity experts, criminals do this as a way to put pressure on affected companies.

Although the attack was reported to the company since March, the information was recently exposed. From the screenshot published by the hackers, it can be deduced that they managed to extract almost 159 GB of confidential information from CivicSmart. Stolen documents may contain information such as:

  • Employee names
  • CivicSmart Contract Details
  • Bank statements
  • Parking meter user card numbers, among other data

Shortly after the incident was publicly disclosed, hackers updated the section on their CivicSmart website, mentioning that the company agreed to pay to have this information removed from the website: “The managers of this company are really pragmatic and real businessmen, “mentions the message posted by the hackers.

However, the risk remains latent, because although the information was removed from the hackers ‘website, the users’ payment card data could still be used by threat actors to put users of these parking meters at risk: “The real problem is that cybercriminals still have this data,” said one cybersecurity specialist. “In reality, nothing guarantees that the information of the users of the service will be eliminated by the hackers.”

As for the risks to which users would be exposed, there are malicious activities such as spear phishing campaigns, ransomware attacks and some variants of identity fraud. The REvil ransomware has recently been identified in many other attacks, such as the one that occurred at Brooks International, a professional services company.