Earlier this year, Baltimore, Maryland residents couldn’t pay their municipal bills or make transactions when a ransomware attack locked all computer networks. This attack comes only about a year after Baltimore’s 9-1-1 system fell victim to another virus.
What Is Ransomware?
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.
In this case, the cyber hacker demanded a ransom of $76,000 via a ransom note, accompanied by a time limit to get the networks unlocked. Officials chose not to meet the demands, and instead, the city paid an estimated $18 million to restore and rebuild Baltimore’s computer networks.
Why Did Officials Not Pay the Ransom?
Mayor Bernard C. Jack Young used Twitter to defend his decision against paying the ransom, saying the Secret Service and FBI advised them not to pay the ransom or to reward criminal behavior. The Mayor’s Deputy Chief of Staff for Operations, Sheryl Goldstine, added that data shows a 50% chance of getting data back after paying a ransom.
How Did This Ransomware Spread?
The first version of the ransomware that attacked in Greenville, North Carolina, received the name RobinHood. In this instance, the hackers managed to access a city administrative account, which allowed them to take over the system and plant the malware in each computer. Many speculate that the method of spreading the ransomware between systems in Baltimore involved manipulation of the PsExec tool.
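One way a defender could look for the kind of PsExec-based spread speculated about above, as an added example that is not from the original article: by default PsExec installs a service named PSEXESVC on each target machine, which Windows records as Service Control Manager event 7045. The CSV layout, host names, account names and thresholds below are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: event 7045 ("a service was installed") records exported
# as CSV from several hosts. Every value here is made up for the example.
SAMPLE_7045 = """time,host,account,service_name
2024-01-01T02:10:05,FIN-WS01,svc-admin,PSEXESVC
2024-01-01T02:10:41,FIN-WS02,svc-admin,PSEXESVC
2024-01-01T02:11:17,DPW-WS07,svc-admin,PSEXESVC
2024-01-01T02:12:02,HR-WS03,svc-admin,PSEXESVC
2024-01-01T09:30:00,IT-WS01,helpdesk1,PSEXESVC
2024-01-01T14:45:00,IT-WS02,helpdesk1,PSEXESVC
2024-01-01T10:00:00,FIN-WS01,svc-admin,Print Spooler Helper
"""


def find_psexec_fanout(csv_text, min_hosts=3, window=timedelta(minutes=10)):
    """Return {account: sorted hosts} for accounts that installed the PsExec
    service on at least min_hosts distinct hosts within one time window."""
    by_account = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # PSEXESVC is PsExec's default service name; a renamed service
        # would not match, so treat this as one signal among several.
        if row["service_name"].strip().upper() == "PSEXESVC":
            by_account[row["account"]].append(
                (datetime.fromisoformat(row["time"]), row["host"]))
    alerts = {}
    for account, events in by_account.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge forward until the span fits in the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {host for _, host in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts.setdefault(account, set()).update(hosts)
    return {account: sorted(hosts) for account, hosts in alerts.items()}


if __name__ == "__main__":
    for account, hosts in find_psexec_fanout(SAMPLE_7045).items():
        print(f"{account}: PsExec service installed on {len(hosts)} hosts: {hosts}")
```

The two help-desk installs hours apart stay below the threshold, while the single account touching four machines in two minutes is flagged for review.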
Where Do Ransomware Attacks Happen?
Recently, ransomware activity hit a record number in the US. On July 1st of this year, Riviera Beach became the third city in Florida to fall victim to a ransomware attack. All three cities reportedly paid at least a million dollars in ransom this year.
Following Riviera’s attack, and a year after a similar case in Atlanta, a group of internet hackers followed the same pattern to attack the state court system of Georgia. These incidents show that this can become a common occurrence for institutions and cities with outdated or vulnerable computer systems.
Targeted areas range from regions surrounding larger cities to less populated areas as well. A closer look at the top 10 cities hit with ransomware in 2019 shows that none of them is one of the big cities read about in the news recently.
Corporate infections by cybercriminals have happened outside of the United States as well. Data compiled by the Internet Society’s Online Trust Alliance shows that across the world, ransomware costs have risen by 184% during the second quarter of this year. Since 2013, more than 150 country, city or state government systems have been targeted, with 22 incidents already reported this year.
Experts claim these have grown to dangerous proportions.
Why Is This Making Headlines Now?
The current ransomware problem hasn’t prompted a large discussion until now. This could be due to how Baltimore’s city government chose to handle the situation, as well as heightened rumors around the ransomware infection mechanism and fear of a repeat.
As the discussion rises, so too does the talk of preventative measures officials and individuals need to take.
How Can We Prevent Ransomware Attacks?
With advanced technology comes great responsibility in blocking hackers from stealing passwords and breaching networks. It can take a hacker less than a second to guess a four-letter or two-digit password.
This is why identity and access management remains so important for data security within your organization.
Three Areas Organizations Can Focus On
1. Email Protection Tools
Hackers most commonly use email as the means of spreading malware, specifically through widespread phishing attacks or spear-phishing attacks.
2. User Education and Security Awareness Training
Regarding ransomware infections, employees should be taught to identify a threat based on appearance rather than functionality and know to forward suspicious emails to the in-house security or IT teams to investigate.
3. Post Email Execution Blocking
While other hackers used EternalBlue in the past, officials say it likely didn’t play a part in the spread of RobinHood ransomware. Even so, patching systems becomes more important, since developers don’t solely fix usability bugs or add features; they also close holes that cybercriminals could exploit.
Don’t Fall Victim to Ransomware Attacks
It’s essential to identify patches to steer clear of a potential disaster, and to apply them to vulnerable systems that contain private or crucial data. For the most part, you should inventory and audit patches, even if a patch can’t be rolled out across the full organization.
By identifying valuable data, creating backup and infected-system isolation plans, and learning and implementing identity and access management, as mentioned above, you might save your entire organization’s data from malware infection.
Cybercriminals will not obey the rules for how to conduct attacks. They constantly seek new opportunities, especially in places with weak security. Therefore, using all your resources on avoidance measures will leave your organization in a bad place.
Take the time to establish a plan for when you do get attacked, and build resilience into your networks, policies and culture.
Written by Kayla Matthews, Productivity Bytes