Is ransomware making a comeback? Attacks declined by 45 percent in 2018 from the previous year, but ransomware has recently proved to be a headache for towns and businesses.
Ransomware decimated Baltimore last week. It’s the city’s second attack in 14 months. The RobbinHood virus crippled most of the city, causing officials to scramble for answers. The hackers gained control of computers and demanded three Bitcoins per system or 13 Bitcoins for the whole system. The ransom would cost $17,600 per computer or $76,280 for the system. Baltimore mayor Bernard Young said the city would not pay the ransom.
Young informed residents that essential services were operating, but many more would be out of service or performed manually. The city’s IT personnel quickly responded by disconnecting computers from the Internet and unplugging Ethernet cables from its network.
The root cause of the attack has yet to be determined.
RobbinHood breached the computer system of the city of Greenville, N.C., in April. It uses methods other than spam to distribute through networks. Remote desktop servers are a primary target.
Baltimore and Greenville are part of a trend proving ransomware is far from extinction. For example:
- In March, Albany, N.Y.’s municipal government suffered an attack. No critical information was compromised, but city officials as of April 11 still were unable to process requests for birth certificates, marriage licenses and other vital records. A police officer had his bank account drained. The money has since been recovered, but it was the result of a phishing scam. The city did not pay the ransom.
- A rural county in Georgia wasn’t so fortunate. An attack in early March crippled the area, forcing it to pay a $400,000 ransom. The incident immobilized agencies, causing many to conduct operations on paper. The Jackson County manager consulted with a cybersecurity professional, who determined paying the request was more feasible than rebuilding the county’s network.
- Orange County, N.C., suffered a setback, too, in March. Computers at the library, tax department, planning board and register of deeds were among those affected. The county’s IT department quickly isolated the infection and worked on restoring its computers. This was the third time in six years the county had suffered an attack.
- A county in Utah couldn’t escape the wrath of a ransomware attack. The attacker plundered Garfield County’s records before sending a message saying it wouldn’t return them until ransom demands were met. Garfield paid the ransom and had its records returned. The cost of the ransom was not reported.
- Arizona Beverages, one of the largest beverage suppliers in the United States, had hundreds of computers and servers devastated by an attack in March. More than 200 servers and networked computers displayed the message: “Your network was hacked and encrypted.” The company’s name was included in the ransom note. The company was running outdated operating systems, and many hadn’t been patched in years. The company was forced to process orders manually several days after the breach.
- A medical practice in Battle Creek, Mich., was forced to close shop in March following a ransomware attack. The practice, composed of two doctors, lost access to patient medical records, billing, scheduling and other confidential information. The doctors retired rather than paying the ransom.
- Southern Hills Eye Care had a server breached in January, potentially exposing information for as many as 40,000 patients.
These incidents are snapshots of what occurs daily. More than 850 million ransomware infections were detected in 2018 in spite of the 45 percent decrease. That’s one every 6.2 seconds. Most of these attacks share a similar starting point: employees. The incidents reported above resulted from users opening malware-infested emails, or IT departments failing to update and patch systems. Not backing up files also could bring operations to a halt unless ransom demands are met. Should that happen, these steps should be followed (hackers demand Bitcoin):
- Locate the payment-method instructions. These should state how much to pay, where to pay it, and the deadline.
- Set up an account on a Bitcoin exchange and purchase the currency. A wallet address will be provided. It might be wise to acquire the digital currency in advance to prepare for an attack.
- Pay the ransom. That will require a web address to view your specific ransomware-payment information, the hacker’s Bitcoin wallet ID and, depending on the ransomware, the transaction ID or hash generated when you transfer the Bitcoin to the hacker’s wallet.
- The hacker should release a unique executable with a key that begins decrypting files once the transaction has been processed.
Hopefully that doesn’t happen, but a dearth of security-awareness training is siphoning millions from businesses and local governments. Too many organizations aren’t taking this pandemic seriously. Reactive approaches often end poorly. They’re cost-effective in short-term budgeting, but trends prove those who ignore user training or patching are likely to be breached. The average cost of a ransomware attack in 2018 was $133,000.
Educating employees could drastically reduce the likelihood of being robbed. The cost of training staff should be viewed as an investment instead of an expense. Common sense keeps business and government leaders from leaving their doors open after hours. Why not share a similar standard regarding cybersecurity? Email doesn’t close and can’t be locked, but it can be guarded by security-educated users, who won’t be fooled by grifters poised to crumble businesses and/or governments with a single click.
To discuss security strategy, contact Security Analyst Frank Verdecchia at email@example.com.