You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close

June Cyber Security Newsletter- What is a Ransomware Attack?

CyberSecurity Bulletin

What is a Ransomware Attack?

What exactly is ransomware? How does it attack an organization, and more importantly, why?

by Brianna Vega on June 24, 2019

What is Ransomware? How does Ransomware attack an organization?

Ransomware is a form of malicious software (malware). Once it has taken control of your laptop or desktop it will threaten your system usually by encrypting your data until a ransom is paid. Once the ransom has been paid the attacker behind the ransomware will either restore access to the encrypted files or will take the money and disappear.

Ransomware has a variety of ways to gain access to a computer. The most common method is usually through a phishing attempt. The attacker will send the victim an email that will contain a link or file. The attacker will form this email to look like it is coming from a sender the victim may know to gain their trust. The victim will open the link or file allowing the malware to be downloaded and take control of the victim’s computer. Once the attacker has gained access to the system they will begin to encrypt some or all of the user’s files. These files can only be decrypted with a key the attacker knows. In some cases the attacker can encrypt these files without a key so that even if a ransom is paid access to these files cannot be granted.

Why do attackers target local governments?

So why do these ransomware attackers target governments, municipalities and medical agencies the most? It is because these organizations need immediate access to their files. These organizations need their files to run business. These organizations are the most vulnerable and attackers know this.

In Today’s News:

The city of Baltimore had a ransomware attack happen on May 7th. This has been the second attack on the city in the last year and this most recent attack took down a majority of the city’s servers. This attack did not shut down 311 or 911 like the attack to the city of Baltimore did last year. Instead, the city council had to cancel a hearing on gun violence and the water department could not answer customer questions about water bills. Soon the city’s email would go down and all city transactions would have to be done in person at the Town Hall. The variant of ransomware used in this attack was called RobbinHood. These ransomware attacks will encrypt files and lock down systems until a ransom has been paid. RobbinHood requested a ransom of 3 Bitcoins/$17,600, per system or 13 Bitcoins/$76,280 to unlock all the city’s systems. RobbinHood wanted the ransom paid within 4 days or the price would increase, if payment was still not paid after 10 days the city would risk losing all of their data. Baltimore refuses to pay this ransom which will ultimately cost them around $18 million dollars in lost revenue (due to lost or deferred payments), data and equipment.

Another ransomware attack has hit the news this week. Riviera Beach in Florida has agreed to pay ransomware attackers over $600,000 three weeks after the city’s systems were attacked by ransomware. On May 29th, 2019 a ransomware attack the city of Riviera Beach. An employee in the police department opened up a harmful email which allowed the ransomware to infect machines across the network. This attack caused email to go down within the city departments. 911 dispatchers were unable to enter calls into computer systems and town officials had to resort to hand-printed checks to run business. The city of Riviera Beach will pay the ransom after waiting three weeks, in this case a decrypting tool will be given by the attackers. This process on average recovers about 93% of the decrypted data.

These two attacks are not the only cyberattacks on local governments in the US. These attacks are successful and are highly destructive which demonstrates the need for better cybersecurity. “In 2016, the International City/County Management Association (ICMA) surveyed 2,423 local US governments and got only 411 responses.” (Bradbury, 2019) The survey found only 34% had a breach recovery plan and only 48% had a cybersecurity plan. While the biggest barrier to creating an effective cybersecurity plan is a lack of funds, the first target in a cyber attack is its employees.

7 Security Tips for You!



 

I will be sending out monthly security newsletters. If you ever have a concern or question on best security practices please feel free to email me at bvega@shrewsburyma.gov

Thank you!

Sources:

Florida city will pay over $600,000 to ransomware attackers. (2019, June 21). Retrieved from https://nakedsecurity.sophos.com/2019/06/21/florida-city-will-pay-over-600000-to-ransomware-attackers/

Duncan, I., & Campbell, C. (2019, June 20). Baltimore city government computer network hit by ransomware attack. Retrieved from https://www.baltimoresun.com/politics/bs-md-ci-it-outage-20190507-story.html

https://www.youtube.com/watch?v=i0iLy8racHI

  • 127
  • 01-Jul-2019
  • 239 Views