In just this month, four cities in the U.S. have become hostages of ransomware. The affected cities as of December 20th are Pensacola, FL; New Orleans, LA; Galt, CA; and St. Lucie, FL.
In a ransomware attack, files are generally stolen from the victim before they are encrypted. Once the files are encrypted, the victim will usually receive a letter demanding that a ransom be paid. The attackers will sometimes threaten to release the victim's sensitive information if they are not paid. Other times, they may demand a ransom in exchange for a key that will decrypt the affected files/computers. Until recently, these threats were usually empty.
2019: The year to top all for number of ransomware attacks.
In an article from Emsisoft, a firm that specializes in monitoring ransomware, the author talks about how ransomware attacks seemed to have increased in 2019.
Ransomware incidents increased sharply in 2019 due to organizations’ existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses. Combined, these factors created a near-perfect storm. In previous years, organizations with substandard security often escaped unpunished; in 2019, far more were made to pay the price, both figuratively and literally.
Emsisoft Malware Lab
2019 brought an abundance of ransomware attacks on government agencies, educational establishments and healthcare providers. According to Emsisoft, 103 state and municipal governments and agencies were affected, along with 759 healthcare providers, and a combined 86 universities, colleges and school districts.
These attacks are usually investigated to no avail. Out of the attacks that happened this past month, only one group of hackers has claimed responsibility for an attack. In an article published by CBS News, it was stated that the group of hackers known as MAZE was responsible for the Pensacola ransomware attack. MAZE demanded $1 million in ransom for the data they stole and encrypted.
While it is not known for sure who carried out the other attacks, it is speculated that Ryuk was responsible for the New Orleans attack. According to NakedSecurity, it is highly likely that Ryuk performed the attack, but this has not been confirmed by the City.
This attack has had a huge effect on the city, and the mayor has declared a state of emergency. As a city that has dealt with disasters (in the natural form) in the past, some say they were well-prepared for this disaster in the cyber world. CBS had a quote from city officials acknowledging that they know how to operate without the internet and without a city network. CBS also says that there is currently little indication of how much money this attack will end up costing the city. They say experts from Emsisoft compare this attack to one that happened recently in Baltimore. The Baltimore attack cost the city over $18 million.
How you can avoid becoming a victim:
You should never assume that your business is “too small” to become a victim of a ransomware attack, or that it will “never happen to you.” Truth is, no one is safe from an attack, but there are a number of ways to prevent it from happening.
- Set a different password for everything. Many people use the same password for everything. If that one password is compromised, then every account that uses it is compromised. In addition to this, make sure you use strong passwords/passphrases with special characters and numbers.
- Back up data. Keep data backed up offsite, such as at a data center, where the hacker can’t access it. Offsite data backup is a huge aspect of a standard disaster recovery plan, and a ransomware attack is definitely a disaster worth protecting against.
- Keep operating systems updated and patched. Not updating or postponing updates on your operating system for a long time can only make your data more vulnerable. Patch updates especially are meant to repair (or patch) any vulnerabilities that have been found on the operating system. Keeping operating systems updated ensures you’re being as safe as you can be.
- Consider firewall software such as SonicWall. Such software scans for and detects malware and blocks it from reaching the company’s data. It blocks anything that it thinks could be malicious.