What do Florida, Louisiana, Maryland, and Texas have in common besides great food and professional football teams? If you guessed that ransomware attacks hammered several of their local government agencies in 2019, you’d be correct!
Sporting fun names like Ryuk, Sodinokibi, Revil, and Robinhood, these strains of ransomware have less than amusing consequences.
What is Ransomware
In plain English, Wikipedia describes ransomware as a type of malware that “restricts access to the computer system that it infects or the data that it stores (often using encryption techniques), and demands a ransom for the creator(s) of the malware… Some forms of ransomware encrypt files on the system's hard disk. Others may lock the system and display messages intended to persuade the user to pay.” Essentially, it’s a way that hackers can lock down a computer or network until the owners pay up a ransom. Hence the name.
There are several vectors ransomware can take to attack a computer. One of the common ways is through phishing emails. Malicious attachments in the email are downloaded and, once opened, can take over a system. Other more aggressive strains exploit security holes to infect devices without a user accidentally clicking or opening a file.
Once the system is compromised and files encrypted, the only way to unlock the data is to input a mathematical key known only to the attacker. The attacker gambles that the victim will pay the ransom, often in untraceable cryptocurrency like Bitcoin, to get the key, to retrieve their data.
These Were the Worst Attacks of 2019
Let’s take a lot at how the states mentioned above faired against some of the worst Ransomware attacks of 2019?
- Florida: A government employee in Riviera Beach, who opened a corrupt email caused the municipality to agree to pay hackers nearly $600,000 to regain control of their data.
- Louisiana: In December, 2019, New Orleans suffered a Ryuk attack that affected approximately 4,000 computers on the network. While no ransom appears to have been paid, the city did have to reimage and redeploy thousands of systems.
- Maryland: After a devastating attack by Robinhood Ransomware, the City of Baltimore elected not to pay the ransom and instead took the path of remediation, at a cost estimated at $18.2 million.
- Texas: A single threat actor executed a coordinated attack on 22 municipalities across the State. Ransomware of the Sodinokibi (REvil) variant breached the network August 16, 2019. While attackers demanded a $2.5 million ransom, none was paid. Cities instead restored compromised systems from backups and rebuilt network infrastructure.
How to Protect Against Ransomware
There are several commonsense steps to avoid infection and ease remediation from ransomware attacks:
- Train your organization on the threat—an ounce of prevention is worth a pound of cure
- Backup system images and data
- Store back up system images and data in a separate location
Finally, organizations must take a realistic look at computer endpoints, appliances, networking infrastructure, and the core data center to ensure that it's hardened against attacks. Besides a disciplined practice of password and I/O security, a rigorous OS update and patch program must be in place as well as advanced software to guard against ransomware and other malware variants.
Carbon Black’s ransomware protection software is one example of a platform that makes use of the efficiency and power of the cloud as well as big data and predictive analytics to protect against existing and emerging Ransomware threats.