Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
City of Aurora, IL

City of Aurora, IL Vendor Cyber Rating & Cyber Score

il.us

Aurora, a suburb of Chicago, is a city in DuPage, Kane, Kendall, and Will counties in the U.S. state of Illinois. Located primarily in DuPage and Kane counties, it is an outer suburb of Chicago and the second most populous city in the state, and the 115th most populous city in the country. The population was 197,899 at the 2010 census, and was estimated to have increased to 200,965 by 2017. Once a mid-sized manufacturing city, Aurora has grown since the 1960s. Founded within Kane County, Aurora's city limits and population have expanded into DuPage, Will, and Kendall counties. Between 2000 and 2003, the U.S. Census Bureau ranked Aurora as the 34th fastest-growing city in the United States. From 2000 to 2009, the U.S. Census Bureau ranked


CAI A.I CyberSecurity Scoring

CAI
Company Information
Website:https://www.aurora.il.us
Employees number:401
Number of followers:6,951
NAICS:92
Industry Type:Government Administration
Homepage:il.us
CAI Risk Score (AI oriented)
Between 600 and 649
logo
CAIGovernment Administration
Updated:
20/05/2026
642/1000
Poor
Caa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
CAI Global Score (TPRM)
xxxx
logo
CAIGovernment Administration
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

CAI
CAIPoor
Current Score
642Caa (POOR)
01000
2 incidents
-21 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
646Before Incident
JUNE 2026
645Before Incident
MAY 2026
662Before Incident
Cyber Attack
30 Apr 2026CAI
City of Aurora and Illinois: Aurora, Ill., Investigating Recent Cyber Attack

Sophisticated Cyber Attack on Aurora, Illinois Resulting in Fraudulent ACH Payments

641After Incident
HIGH-21
CIT1779294250
Aurora, Illinois Investigates Sophisticated Cyber Attack Resulting in Fraudulent ACH Payments The city of Aurora, Illinois, is investigating a cyber attack that led to unauthorized ACH transactions from city accounts, discovered on April 30 just one day after the fraudulent activity occurred. Mayor John Laesch described the incident as a "very sophisticated cyber attack," though city officials maintain that internal systems were not compromised. While the exact financial loss remains undisclosed, authorities, including the Aurora Police Department and the FBI, are actively working to determine the total amount stolen. The city has taken immediate steps to mitigate the impact, recovering some funds and expressing optimism about further recovery efforts. Aurora also holds insurance to cover such incidents. The fraudulent transactions involved ACH (Automated Clearing House) payments, which require only a bank account and routing number commonly used for business bill payments. Due to the ongoing investigation, details about potential disciplinary actions, specific departmental involvement, or personnel matters have not been released. Aurora has partnered with cybersecurity firm NuHarbor Security, Inc., and implemented employee training programs, including KnowBe4’s cybersecurity courses and regular phishing exercises. The city has not publicly disclosed the incident until now, citing the active nature of the investigation. Law enforcement and cybersecurity professionals continue to collaborate on the case.
INCIDENT DETAILS -
TYPE
Financial Fraud
MOTIVATION
Financial Gain
IMPACT
Payment Information Risk: High
APRIL 2026
662Before Incident
MARCH 2026
659Before Incident
FEBRUARY 2026
658Before Incident
JANUARY 2026
656Before Incident
DECEMBER 2025
653Before Incident
NOVEMBER 2025
652Before Incident
OCTOBER 2025
650Before Incident
SEPTEMBER 2025
648Before Incident
AUGUST 2025
646Before Incident
MARCH 2025
762Before Incident
Ransomware
21 Mar 2025CAI
City of Aurora, IL: Over 300 Critical Infrastructure Organizations Hit by Medusa Ransomware Attacks

Medusa Ransomware Gang Compromises Over 300 Critical Infrastructure Organizations

634After Incident
CRITICAL-128
CIT1765598574
Medusa Ransomware Gang Targets Over 300 Critical Infrastructure Organizations in Global Campaign U.S. federal authorities—including the FBI, CISA, and MS-ISAC—have issued a joint cybersecurity advisory warning of a surge in attacks by the Medusa ransomware gang, which has compromised over 300 critical infrastructure organizations as of February 2025. The group, operating under a ransomware-as-a-service (RaaS) model, has rapidly escalated its operations since its emergence in 2021, becoming one of the most active threat actors in recent years. ### Tactics and Targets Medusa employs double extortion, encrypting victims’ systems while threatening to leak stolen data unless ransoms—ranging from $100,000 to over $40 million—are paid. In some cases, the gang has demanded additional payments for a "true decryptor," suggesting triple extortion tactics. Affiliates earn 70–80% of ransom payments, incentivizing widespread attacks. The group has targeted sectors including healthcare, education, legal, insurance, technology, and manufacturing, with notable victims such as: - Aurora City (Colorado) - Heartland Health Center (Nebraska) - Bell Ambulance (Wisconsin) - Laurens School District 56 (South Carolina) - CPI Books (UK) ### Infection Methods and Tools Medusa gains initial access through phishing campaigns and the exploitation of unpatched vulnerabilities, including: - CVE-2024-1709 (ScreenConnect) - CVE-2023-48788 (Fortinet EMS SQL injection) Once inside a network, the gang uses remote access tools (AnyDesk, Atera, Splashtop) and Windows services (RDP, PsExec) for lateral movement. It deploys Rclone for data exfiltration and gaze.exe for encryption, while disabling security software, terminating backups, and deleting shadow copies to hinder recovery. ### Encryption and Extortion Medusa encrypts files using AES-256, appending a .medusa extension, and leaves a ransom note demanding contact within 48 hours via Tor, Tox, or encrypted messaging. Victims who fail to respond face public data leaks on the gang’s .onion site, where stolen data is also auctioned. The group offers a $10,000 "extension fee" to delay publication by one day. ### Mitigation Efforts Authorities recommend patching vulnerabilities, network segmentation, MFA enforcement, and offline backups to reduce risk. The advisory underscores the group’s persistence and sophistication, particularly against critical infrastructure, where disruption can have cascading effects. Medusa’s rise to ninth in global ransomware activity (per NCC Group) and its 9% share of 2024 attacks (BlackFog) highlight its growing threat to organizations worldwide.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gainData extortion
IMPACT
Critical infrastructure systemsVirtual machinesBackup servicesOperational Impact: Widespread disruption of critical services
DATA BREACH
Sensitive informationPersonally identifiable informationSensitivity Of Data: High

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for CAI ?
?
What was CAI's A.I Rankiteo Cyber Score in June 2026 ?
?
What was CAI's A.I Rankiteo Cyber Score in May 2026 ?
?
What was CAI's A.I Rankiteo Cyber Score in April 2026 ?
?
What was CAI's A.I Rankiteo Cyber Score in March 2026 ?
?
What was CAI's A.I Rankiteo Cyber Score in February 2026 ?
?
What was CAI's A.I Rankiteo Cyber Score in January 2026 ?
?
What was CAI's A.I Rankiteo Cyber Score in December 2025 ?
?
What was CAI's A.I Rankiteo Cyber Score in November 2025 ?
?
What was CAI's A.I Rankiteo Cyber Score in October 2025 ?
?
What was CAI's A.I Rankiteo Cyber Score in September 2025 ?
?
What was CAI's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on CAI's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with CAI ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view CAI's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?