Subscribe to RSS - Ransomware

Ransomware

5 important facts you need to know about the Texas-based ransomware attacks

 - 
Wednesday, August 21, 2019

Whomever is the culprit for all these ransomware attacks on local U.S. government entities sure is getting a ton of notoriety in the media. With 22 reported and known public-sector attacks so far this year, and none tracked by the federal government or FBI, according to CNN, I say, the more information available the better for those needing to protect themselves. 

The most recent ransomware attack happened in my home state of Texas against 22 small-town governments, and while our “Don’t mess with Texas” campaign is aimed at road-side litter, I think it’s appropriate that we take out the trash on cybercrime, too! Here’s 5 important facts you need to know about these attacks: 

Names of the attacked municipalities are undisclosed, except for two. The city of Borger, Texas, located a few miles north of Amarillo in the Texas Panhandle, issued a statement noting that as of Monday, August 19, 2019, birth and death certifications are offline, and the city is unable to take utility or other payments. The city reassured residents that no late fees would be assessed nor would any utilities be shut off.

Keene, Texas, located just outside Ft. Worth, Texas, was also affected in a similar fashion as Borger. They, too, are unable to process utility payments via credit card. Keene Mayor, Gary Heinrich, told NPR, that hackers breached the information technology software used by the city and managed by an outsourced company, which according to the Mayor also supports many of the other targeted municipalities. 

Heinrich also noted that the hackers demanded a collective ransom of $2.5 million but also said there’s no way his city will be coughing up the dough!
“Stupid people,” Heinrich told NPR, referring to the cyber attackers. “You know, just no sense in all this at all.” 

Attacks seem to be from one, single threat actor. This means only one cybercriminal or cyber-criminal group is responsible for the attacks. 

Attacks are coordinated. What’s so alarming about these attacks is that they simultaneously targeted approximately two dozen cities, dubbing it as a “digital assault.”

Attacks are mostly rural. Small-town governments usually don’t have the budget to staff in-house IT, instead using outsourced specialists. This could mean valuable time that should have been used to quickly assess each incident was spent bringing the outsourced specialists up to speed about the details of the attack before any response could begin. 

The overarching goal is response and recovery. The affected municipalities are assessing and responding and, as quickly as possible, moving into remediation and recovery to get back to operations as usual as soon as possible. 

 

Need for cybersecurity soaring

 - 
Wednesday, August 10, 2016

If you aren’t that worried about cybersecurity and the threat of a ransomware attack, you should be.

According to a new report, “State of Ransomware,” which was sponsored by Malwarebytes and conducted by Osterman Research, nearly 40 percent of businesses have experienced a ransomware attack in the last year. Of these victims, more than a third lost revenue and 20 percent had to stop business completely.

And that doesn't even include the companies that aren't reporting being attacked. According to FBI Section Chief Philip Celestini, who was a featured speaker at ESX 2016 in Fort Worth, Texas, 80 percent of companies that have been attacked by ransomware “are not reporting it to law enforcement,” he said. The FBI is reaching out to the industry, Celestini said, for its help in spreading the word of the importance of cybersecurity and working with law enforcement to minimize loss.

According to the FBI, ransomware attacks went from causing $25 million in losses to $200 million in just the last year in the U.S., as well as an astonishing $2 trillion in cyber crime losses worldwide.

According to Nathan Scott, senior security researcher at Malwarebytes and a ransomware expert, over the last four years, “ransomware has evolved into one of the biggest cybersecurity threats in the world, with instances of ransomware in exploit kits increasing 259 percent in the last five months alone. Until now, very few studies have examined the current prevalence and ramifications of actual ransomware incidents in the enterprise.”

Some other key U.S. findings from the study include:
- Security attacks with ransomware are increasing: Nearly 80 percent of U.S. companies have suffered a cyber attack in the last year and more than half experienced a ransomware incident. US organizations are the most attacked among the countries surveyed.
 - Email is the top vector for spreading ransomware: More than half of the U.S. attacks originated with email.
- Upper management and C-Level executives are at a higher risk: 68.4 percent of U.S. respondents noted ransomware attacks impacted mid-level managers or higher, while 25 percent of incidents attacked senior executives and the C-Suite.
- Cybercriminals held high-value data for ransom: Nearly 80 percent of the U.S. organizations breached had high-value data held for ransom.
- Attacks are impacting more than initial endpoints: More than 40 percent of ransomware attacks in all four countries were successful in impacting more than a single endpoint, with nearly 10 percent of the attacks affecting more than one-quarter of the endpoints in the business.
- Current enterprise security measures are weak against ransomware: Almost half of ransomware incidents in the U.S. occurred on a corporate desktop within the enterprise security environment.
- Ransomware remediation takes hours: 44 percent of attacks on U.S. companies forced IT staff to work more than nine hours to remediate the incident. Globally, the figure is 63 percent of incidents that took more than nine hours to remediate.