The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted.

The attackers are demanding a 100 bitcoin ($689,147) ransom for a decryptor, to take down files that have been publicly leaked, and to not release more stolen files.

The City of Torrance is a suburb of Los Angeles located in the South Bay along the Pacific coast, with a population of approximately 150,000 people.

In February 2020, DoppelPaymer created a site called “Dopple Leaks” that they used to publish the stolen data of victims who refuse to pay a ransom.

In a new update to this site, DoppelPaymer has created a page titled “City of Torrance, CA” containing numerous leaked file archives allegedly stolen from the City during the ransomware attack.

Data leaked on DoppelPaymer site
Data leaked on DoppelPaymer site

Based on the names of the archives, this data includes city budget financials, various accounting documents, document scans, and an archive of documents belonging to the City Manager.

In the past, DoppelPaymer has sold stolen data on the dark web and hacker forums to “cover some costs” of their attacks.

200 GB worth of files allegedly stolen

In an email to BleepingComputer, the DoppelPaymer operators stated that in an attack on March 1st, they erased the City’s local backups and then encrypted approximately 150 servers and 500 workstations.

As part of the attack, they also claim to have stolen approximately 200+ GB of files.

In a text file shared with BleepingComputer listing all of the files they claim to have stolen, it comes out to 269,123 files throughout 8,067 directories.

To receive a decryption key, DoppelPaymer is demanding 100 bitcoins or approximately $680,000 at current prices.

In March, local media reported [12] of a cyberattack on the City of Torrance. At that time, the City stated that no “public personal data” was affected.

DoppelPaymer also previously attacked the Mexico’s Pemex Oil November 2019 where they demanded a $4.9 million ransom.

BleepingComputer has contacted the City of Torrance to confirm the attack but has not heard back at this time.