Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Colorado City Forced To Pay $45,000 Ransom To Decrypt Files

Colorado City Forced To Pay $45,000 Ransom To Decrypt Files

A city in Colorado, USA, has been forced to pay $45,000 after the City’s devices were encrypted in July, and they were unable to restore necessary files from backup.

On July 27th, the City of Lafayette suffered a ransomware attack that impacted their phone services, email, and online payment reservation systems.

At the time, the City had not explained what was causing the outage but stated that residents should use 911 or an alternate number for emergency services.

Over a week later, the City announced that they were victims of a ransomware attack that encrypted their devices and data, and took down their systems.

While financial data was recoverable from backups, after weighing the costs, the City decided to pay a $45,000 ransom to  an unknown ransomware operation to receive a decryption tool to recover other encrypted files.

“After a thorough examination of the situation and cost scenarios, and considering the potential for lengthy inconvenient service outages for residents, we determined that obtaining the decryption tool far outweighed the cost and time to rebuild data and systems,” City of Lafayette Mayor Jamie Harkins stated in a video.

The City does not believe any data was stolen and that credit card info was not stored on their servers. To be safe, they advise residents and employees to monitor their accounts for suspicious activity.

“Financial data appears to be recoverable from unaffected backups. Personal credit card information was not compromised, as the City uses external PCI-certified payment gateways. There is no evidence to suggest personal data was compromised, but out of an abundance of caution, residents and employees are advised to be vigilant to monitor accounts for suspicious activity. The City will be sending a security breach notification to individuals who have personal information residing on the City’s network,” the City stated in an announcement.

Harkins explains in the video that the City did not disclose the attacker sooner out of concern it would affect their negotiations with the ransomware operators.

Also read: Privacy policy template important tips for your business

The City of Lafayette got lucky

While it is unknown which ransomware operation attacked the city, one thing is for sure, they got lucky with such a low ransom demand.

BleepingComputer monitors ransomware activity, and most of the active enterprise-targeting operations demand hundreds of thousands, if not millions, of dollars for a decryptor.

If they were affected by an attack by some of the larger operations such as Maze, REvil, LockBit, Doppel, or Clop, it might not have been possible to pay for the ransom without significant financial loss.

Furthermore, these larger operations tend to steal unencrypted files before performing attacks and then publish them on data leak sites if not paid.

This public posting would have led to severe consequences for the City, its residents, and employees, as data published by ransomware operators is commonly monitored by other threat actors who then use it in phishing campaigns or other attacks.

Also read: 4 easy guides to data breach assessment



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us