CAI A.I CyberSecurity Scoring
CAI
Company Information
Website:https://www.aurora.il.us
Employees number:401
Number of followers:6,951
NAICS:92
Industry Type:Government Administration
Homepage:il.us
CAI Risk Score (AI oriented)
Between 600 and 649
CAIGovernment Administration
Updated:
20/05/2026
20/05/2026
642/1000
Poor
Caa
CAI Global Score (TPRM)
xxxx
CAIGovernment Administration
Score locked

CAIPoor
Current Score
642Caa (POOR)
01000
2 incidents
-21 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
646
JUNE 2026
645
MAY 2026
662
Cyber Attack
30 Apr 2026 • CAI
City of Aurora and Illinois: Aurora, Ill., Investigating Recent Cyber Attack
Sophisticated Cyber Attack on Aurora, Illinois Resulting in Fraudulent ACH Payments
641
HIGH-21
CIT1779294250
Aurora, Illinois Investigates Sophisticated Cyber Attack Resulting in Fraudulent ACH Payments
The city of Aurora, Illinois, is investigating a cyber attack that led to unauthorized ACH transactions from city accounts, discovered on April 30 just one day after the fraudulent activity occurred. Mayor John Laesch described the incident as a "very sophisticated cyber attack," though city officials maintain that internal systems were not compromised.
While the exact financial loss remains undisclosed, authorities, including the Aurora Police Department and the FBI, are actively working to determine the total amount stolen. The city has taken immediate steps to mitigate the impact, recovering some funds and expressing optimism about further recovery efforts. Aurora also holds insurance to cover such incidents.
The fraudulent transactions involved ACH (Automated Clearing House) payments, which require only a bank account and routing number commonly used for business bill payments. Due to the ongoing investigation, details about potential disciplinary actions, specific departmental involvement, or personnel matters have not been released.
Aurora has partnered with cybersecurity firm NuHarbor Security, Inc., and implemented employee training programs, including KnowBe4’s cybersecurity courses and regular phishing exercises. The city has not publicly disclosed the incident until now, citing the active nature of the investigation. Law enforcement and cybersecurity professionals continue to collaborate on the case.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
APRIL 2026
662
MARCH 2026
659
FEBRUARY 2026
658
JANUARY 2026
656
DECEMBER 2025
653
NOVEMBER 2025
652
OCTOBER 2025
650
SEPTEMBER 2025
648
AUGUST 2025
646
MARCH 2025
762
Ransomware
21 Mar 2025 • CAI
City of Aurora, IL: Over 300 Critical Infrastructure Organizations Hit by Medusa Ransomware Attacks
Medusa Ransomware Gang Compromises Over 300 Critical Infrastructure Organizations
634
CRITICAL-128
CIT1765598574
Medusa Ransomware Gang Targets Over 300 Critical Infrastructure Organizations in Global Campaign
U.S. federal authorities—including the FBI, CISA, and MS-ISAC—have issued a joint cybersecurity advisory warning of a surge in attacks by the Medusa ransomware gang, which has compromised over 300 critical infrastructure organizations as of February 2025. The group, operating under a ransomware-as-a-service (RaaS) model, has rapidly escalated its operations since its emergence in 2021, becoming one of the most active threat actors in recent years.
### Tactics and Targets
Medusa employs double extortion, encrypting victims’ systems while threatening to leak stolen data unless ransoms—ranging from $100,000 to over $40 million—are paid. In some cases, the gang has demanded additional payments for a "true decryptor," suggesting triple extortion tactics. Affiliates earn 70–80% of ransom payments, incentivizing widespread attacks.
The group has targeted sectors including healthcare, education, legal, insurance, technology, and manufacturing, with notable victims such as:
- Aurora City (Colorado)
- Heartland Health Center (Nebraska)
- Bell Ambulance (Wisconsin)
- Laurens School District 56 (South Carolina)
- CPI Books (UK)
### Infection Methods and Tools
Medusa gains initial access through phishing campaigns and the exploitation of unpatched vulnerabilities, including:
- CVE-2024-1709 (ScreenConnect)
- CVE-2023-48788 (Fortinet EMS SQL injection)
Once inside a network, the gang uses remote access tools (AnyDesk, Atera, Splashtop) and Windows services (RDP, PsExec) for lateral movement. It deploys Rclone for data exfiltration and gaze.exe for encryption, while disabling security software, terminating backups, and deleting shadow copies to hinder recovery.
### Encryption and Extortion
Medusa encrypts files using AES-256, appending a .medusa extension, and leaves a ransom note demanding contact within 48 hours via Tor, Tox, or encrypted messaging. Victims who fail to respond face public data leaks on the gang’s .onion site, where stolen data is also auctioned. The group offers a $10,000 "extension fee" to delay publication by one day.
### Mitigation Efforts
Authorities recommend patching vulnerabilities, network segmentation, MFA enforcement, and offline backups to reduce risk. The advisory underscores the group’s persistence and sophistication, particularly against critical infrastructure, where disruption can have cascading effects.
Medusa’s rise to ninth in global ransomware activity (per NCC Group) and its 9% share of 2024 attacks (BlackFog) highlight its growing threat to organizations worldwide.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CAI ??
What was CAI's A.I Rankiteo Cyber Score in June 2026 ??
What was CAI's A.I Rankiteo Cyber Score in May 2026 ??
What was CAI's A.I Rankiteo Cyber Score in April 2026 ??
What was CAI's A.I Rankiteo Cyber Score in March 2026 ??
What was CAI's A.I Rankiteo Cyber Score in February 2026 ??
What was CAI's A.I Rankiteo Cyber Score in January 2026 ??
What was CAI's A.I Rankiteo Cyber Score in December 2025 ??
What was CAI's A.I Rankiteo Cyber Score in November 2025 ??
What was CAI's A.I Rankiteo Cyber Score in October 2025 ??
What was CAI's A.I Rankiteo Cyber Score in September 2025 ??
What was CAI's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CAI's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CAI ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CAI's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?