A city in trouble: is ransomware here to stay?

About the author: David Higgins is CyberArk's Technical Director for EMEA.

Since early May, Baltimore has been in the grip of a major ransomware attack that has taken many of the city's computer systems hostage. The attack "shut down" thousands of government computers, interrupting water bill payments and delaying real estate sales. The hackers behind the attack have demanded 13 bitcoins, worth approximately €100,000, to restore these critical computer systems. Baltimore City Mayor Jack Young has publicly said that the city will not pay the ransom. However, even though the FBI, secret services and many cybersecurity experts are working hard to restore the systems, new reports indicate that the attack will cost the city more than €18 million.

A few weeks ago, a Krebs on Security article quoted a source who stated that it is "not very likely" that the EternalBlue exploit was used to spread the Robbinhood ransomware, refuting earlier reports that linked the Baltimore ransomware attack to the hacking tool developed by the US National Security Agency (NSA) and leaked online a few years ago.

Local governments and state departments must prepare for a rise in ransomware

According to the latest Verizon DBIR report, ransomware accounts for nearly 24 percent of all malware attacks across all industries. At the same time, a Beazley group report on security breaches published in 2019 points to a phenomenal 105% increase in the number of ransomware notifications between the first quarter of 2018 and the same period this year. Payment demands are also increasing. Beazley's report indicates that the average payment in the first quarter of 2019 (€224,871) has already far exceeded the total of €116,324 for 2018.

As the Baltimore attack has shown, state and local governments appear to be particularly vulnerable to ransomware. The cybersecurity research company Recorded Future recently published an interesting study on the increase in ransomware attacks against state and local governments that target critical processes and infrastructure. It revealed that reported attacks against state and local governments increased by 39% in the United States in 2018, and that many of these attacks were opportunistic: in most cases, attackers looking for vulnerable targets "stumbled upon" public sector entities.

Although this is a worrying trend across the Atlantic, the UK is not doing much better. The latest cyber security breach survey released by the UK government showed that 27% of businesses and 18% of charities that fell victim to an attack last year were hit by ransomware, which is, in fact, a significant threat. And while other attack techniques, such as phishing, are becoming more popular with hackers, the damage that ransomware can inflict on organizations is even more significant. In fact, 58% of businesses and charities are more likely to report negative results from ransomware than any other type of attack.


How can we combat the threat of ransomware?

While there is no one-size-fits-all approach to ransomware prevention, government agencies and businesses can take steps to reduce the risk of malware (such as Robbinhood) spreading and paralyzing their systems.
  1. Back up all critical data
This may seem fundamental, but the number of organizations that do not do it regularly is staggering. Prioritize the data that is critical to your organization and back it up consistently so that if files are locked and held for ransom, you can still keep (at least part of) your business running.
  2. Never stop patching
Constantly patching endpoints and servers shrinks the attack surface and significantly reduces the risk of compromise. If you have not already done so, stop what you are doing and immediately disable the deprecated Microsoft SMB version 1 protocol or apply the MS17-010 patch. And go a step beyond that. Periodically update all vulnerable software to prevent ransomware infections and make sure your antivirus, firewall, and other perimeter protection tools are always up to date.
  3. Beware of phishing
According to Verizon's DBIR report, phishing is involved in 32% of breaches and 78% of cyber espionage incidents. Hackers often launch their malware attacks through targeted phishing campaigns. If you receive an unsolicited call, email, text message, or online chat, do not reply or click on any links until you have confirmed the sender's legitimacy, even if the person claims to be from a legitimate service.
  4. Remove local administrator privileges to contain and block attacks
While employee education about phishing is imperative, it can't stop there. The removal of local administrator rights is the basis of effective endpoint security. By implementing a combination of least privilege and application control policies on endpoints and servers as part of a broader Zero Trust approach, you can limit the risk of malicious programs, such as Robbinhood, spreading from their initial point of infection.

So, there we have it. Ransomware attacks will only intensify, and the Baltimore example is a timely reminder of the severity and adverse consequences of these attacks. Departments and companies fail to take the necessary steps to remediate, back up sensitive data, and inform employees about the evolving threat.
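A host-level check for the patching and local-administrator steps above, as an added example that is not part of the original article: it reports whether SMBv1 is still enabled and which accounts hold local administrator rights outside an approved list. It assumes Windows PowerShell 5.1 with the built-in SmbShare, Dism and LocalAccounts modules; the `-Remediate` and `-ApprovedAdmins` parameter names and the `CONTOSO\Workstation-Admins` entry are constructed for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: audit one Windows host for SMBv1 exposure and local admin sprawl.
# -Remediate and -ApprovedAdmins are parameter names chosen for this example.
param(
    [switch]$Remediate,
    [string[]]$ApprovedAdmins = @('CONTOSO\Workstation-Admins')  # constructed sample allowlist
)

# Patching step: is the deprecated SMBv1 protocol still available on this host?
$smb     = Get-SmbServerConfiguration
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

# Local-admin step: who holds administrator rights? Resolve the group by its
# well-known SID so the check also works on non-English installations.
$unapproved = Get-LocalGroupMember -SID 'S-1-5-32-544' | Where-Object {
    $_.SID.Value -notmatch '-500$' -and      # skip the built-in Administrator account (RID 500)
    $_.Name -notin $ApprovedAdmins
}

# Emit one report object per host so results can be collected centrally.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    Smb1ServerEnabled = $smb.EnableSMB1Protocol
    Smb1FeatureState  = if ($feature) { "$($feature.State)" } else { 'NotPresent' }
    UnapprovedAdmins  = @($unapproved | ForEach-Object { '{0} ({1})' -f $_.Name, $_.PrincipalSource })
}

if ($Remediate) {
    # Only SMBv1 is changed automatically; admin membership needs a human decision.
    if ($smb.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        Write-Warning 'SMB1Protocol feature disabled; restart the host to complete removal.'
    }
}
elseif ($smb.EnableSMB1Protocol) {
    Write-Warning 'SMBv1 is enabled. Re-run with -Remediate, or apply MS17-010 if SMBv1 must stay.'
}
```

Run it without `-Remediate` first to collect the report. The script does not verify that MS17-010 is installed, because later cumulative updates supersede the original patch and a simple hotfix lookup is unreliable.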