Ransomware and the attack on infrastructure
2019 is the year of ransomware. As of October 1, ransomware has impacted at least 621 different public service organizations, infecting higher-profile targets and demanding larger ransoms. While ransomware has always been a threat, hackers are targeting infrastructure facilities and organizations more and more because of the success and ease of past attacks. School districts, city governments, and hospitals have failed to upgrade their systems in a timely manner, and the increased success of ransomware against them should serve as a warning for organizations that put cyber hygiene on the back burner.
Locked out of class
A large portion of the successful ransomware attacks have targeted school districts, leading to individual school or district-wide closings. School equipment and technology are routinely behind the curve, with student computers running outdated operating systems and anti-virus protection, which leaves those systems more vulnerable. This is compounded by a population of students who are less informed about good cybersecurity habits and are more likely to fall for a phishing scheme or download malware.
Encryption keys to the city
The most high-profile ransomware attack this year was against the city of Baltimore. The attack began on May 7 using a ransomware script dubbed “RobbinHood” that swept through government sites, encrypting crucial data and servers before the hacker demanded that the city pay $76,000 in bitcoins to unlock the data. The mayor refused to pay the ransom. The city lost access to Baltimore government websites, affecting everything from property taxes and water bills to electronic parking tickets. Employees were forced to create Gmail accounts as a temporary workaround, until security systems flagged the accounts as suspicious and promptly disabled them. For a city that didn’t have proper backups or cybersecurity hygiene in place, building back up without paying the ransom cost Baltimore more than $18 million.
Regrets in plaintext
Ransomware that targets public facilities and infrastructure is so effective because the denial of these resources can be dramatic. There is no better example of the pressure organizations face to pay a ransom than hospitals targeted by ransomware. Without access to their systems, patients' health is put at risk. When ransomware infected three Alabama hospitals, officials paid the ransomware attackers in order to rebuild their networks. For many hospitals and critical facilities, the price of the ransom is less than the cost of fixing the attack.
Reboot, report phishing, don't recycle passwords
Ransomware is primarily distributed through phishing emails. A phishing email can carry the malware itself, which encrypts the information stored on the machine and may try to spread to other machines on the network. Alternatively, a hacker can use stolen credentials to gain access to a network and then spread the ransomware from inside it. The best way to protect against phishing attacks is to learn to recognize phishing emails, follow security best practices, and make sure your device has all necessary updates.
When a virus infects a computer, it tries to worm its way onto other systems. EternalBlue, an exploit that takes advantage of a protocol vulnerability in Windows, is one of the major tools leveraged in ransomware attacks to infect every computer on the network. To stop malware from worming from one computer to another, it is important to keep up with security updates.
Thank you for reading, and as always, stay vigilant!