Ransomware Comeback

Monday, August 26, 2019

Ransomware has become one of the most serious and prevalent cyber threats.

Ransomware is a type of malicious software (malware) that encrypts a victim’s files and systems, denying access to them until a ransom has been paid. Ransomware can be much more serious than denying legitimate access to one’s systems and files. It can deny hospitals access to needed files and resources or prevent cities from rendering needed public services.

Despite reports released last year that predicted a decline in ransomware, these attacks have increased. According to one source, ransomware attacks on businesses rose over 500% from 2018 to 2019. In response to this increase, the Cybersecurity and Infrastructure Security Agency (CISA) released its first CISA Insights product, CISA Insights – Ransomware Outbreak, which includes recommendations to help organizations limit damage, and recover smartly and effectively.

Recently, a sophisticated ransomware attack, or series of attacks, infected the systems and data of 22 local government organizations in Texas and held them hostage for millions of dollars.

Evidence currently indicates that these attacks came from a “single threat actor.” According to several experts who are helping the Texas local government organizations, the vector of attack appears to have been through one trusted communications channel primarily used by law enforcement. Once the attack was inside that system, it was then able to propagate to other systems. State and federal authorities are assisting with the recovery of their systems and data.

More than 40 municipalities have been the victims of cyberattacks this year, ranging from major cities such as Baltimore and Albany to smaller towns such as Lake City, Fla. Lake City and the Rockville Center, N.Y. School District are among the few organizations hit with ransomware to have paid the ransom. They claim that rebuilding their systems would have been more costly.

The Federal Bureau of Investigation warns, however, that paying the ransom in these cyberattacks only encourages more attacks, and there is no guarantee the system and data will be recovered. Unfortunately, most ransomware attacks appear to target small-town America, probably because many local governments have fewer financial and technical resources and are less likely to have updated their cyber defenses or backed up their data.

What Can You Do?

Some of the things you can do to help avoid becoming the next victim of ransomware include the following actions:

  • Think before you click! Never click on links or open attachments in unsolicited emails.
  • Follow safe practices when browsing the Internet. Avoid questionable sites.
  • Segment networks/devices. Make it harder for malware to infect multiple systems.
  • Back up data, system images, and configurations regularly and keep the backups off the main network. Be sure to regularly test your backup and restoration process.
  • Update and patch systems regularly. This eliminates known vulnerabilities.
  • Make sure anti-malware and other security solutions are installed and up to date.
  • Review and update as necessary disaster recovery plans and procedures.
  • Review and exercise your incident response plan. Know how to respond and who to contact when an incident occurs.
  • Pay attention to ransomware events and apply any lessons learned.
  • If your organization is infected with ransomware, be sure to report it and ask for help in mitigating/responding to the incident.