{
	"id": "44a7e333-294f-4f00-a6f5-9a1244245670",
	"created_at": "2026-04-06T00:22:14.829627Z",
	"updated_at": "2026-04-10T03:21:56.157988Z",
	"deleted_at": null,
	"sha1_hash": "47f01e9045325cd5ac47041555565eceef2ad6a5",
	"title": "BitPaymer Ransomware Paralyzes IT Systems of the Alaskan Town | SOC Prime",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 33127,
	"plain_text": "BitPaymer Ransomware Paralyzes IT Systems of the Alaskan\r\nTown | SOC Prime\r\nBy Eugene Tkachenko\r\nPublished: 2018-08-01 · Archived: 2026-04-05 14:50:04 UTC\r\nDelaware, USA – August 1, 2018 – Another Ransomware attack practically froze the Matanuska-Susitna borough.\r\nThe incident occurred on Tuesday, July 24, and the network has not fully recovered so far. Attackers used BitPaymer\r\nRansomware to encrypt 500 computers and 120 servers connected to government networks. According to official\r\nrepresentatives of the Borough, no sensitive data was stolen, and the attempt to encrypt all the backup copies\r\nfailed. In spite of this, the infrastructure restoration is still ongoing: the phone server was launched only this\r\nMonday, and the mail server is still being restored. IT security staff of Matanuska-Susitna reported that malware\r\ninfected the network on May 3, and on July 17 it was first detected by an antivirus solution. However, the\r\nantivirus was able to remove only the Trojan module of BitPaymer from the systems, and when IT staff attempted to\r\nremove ransomware components manually, BitPaymer encrypted all systems. This ransomware appeared a year\r\nago, and security researchers suggest that its creators are the same people who operate the Necurs botnet and spread\r\nthe Dridex banking trojan.\r\nFurthermore, researchers from Sophos published a report on SamSam Ransomware activity. Experts assume that\r\nthe development of the malware and all attacks are conducted by a lone cybercriminal, who managed to get almost $6\r\nmillion in ransom payments from 233 victims. According to Sophos, this cybercriminal infects one organization\r\nper day, and one in four pays a ransom. 
To detect the attack at early stages, you can use a SIEM with the Ransomware\r\nHunter use case, which helps to discover suspicious connections and attempts to communicate with Ransomware\r\nC\u0026C servers.\r\nSource: https://socprime.com/en/news/bitpaymer-ransomware-paralyzes-it-systems-of-the-alaskan-town/\r\nhttps://socprime.com/en/news/bitpaymer-ransomware-paralyzes-it-systems-of-the-alaskan-town/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://socprime.com/en/news/bitpaymer-ransomware-paralyzes-it-systems-of-the-alaskan-town/"
	],
	"report_names": [
		"bitpaymer-ransomware-paralyzes-it-systems-of-the-alaskan-town"
	],
	"threat_actors": [],
	"ts_created_at": 1775434934,
	"ts_updated_at": 1775791316,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/47f01e9045325cd5ac47041555565eceef2ad6a5.pdf",
		"text": "https://archive.orkl.eu/47f01e9045325cd5ac47041555565eceef2ad6a5.txt",
		"img": "https://archive.orkl.eu/47f01e9045325cd5ac47041555565eceef2ad6a5.jpg"
	}
}