Vertical Markets

Ransomware attacks on municipalities

by Mark Rowe

It’s been a year of ransomware attacks on municipalities, according to a cyber security company. This comes after Kaspersky researchers observed that at least 174 municipal institutions, with more than 3,000 subset organisations, have been targeted by ransomware during the last year. This represents a 60pc increase at least, from the figure in 2018, according to the firm. While threat actors’ demands would sometimes reach up to £3,794,450 ($5,000,000), actual costs and damages sustained during attacks are estimated to be larger.

As Kaspersky says, ransomware is a notorious headache for the corporate sector, affecting businesses for a number of years. And 2019 has seen the rapid development of an earlier trend, where malware distributors have targeted municipal bodies. Researchers note that while these targets might be less capable of paying a large ransom, they are more likely to agree to cyber-criminals’ demands. Blocking any municipal services directly affects the citizens and results not only in financial losses but other socially significant and sensitive consequences.

Judging by publicly available information, the ransom amounts varied greatly, reaching up to £4,021,560 ($5,300,000) and £783,415 ($1,032,460) on average. The researchers noted that these figures do not accurately represent the final costs of an attack, as the long-term consequences are far more devastating.

Fedor Sinitsyn, a security researcher at Kaspersky says: “One must always keep in mind that paying extortionists is a short-term solution which only encourages criminals and keeps them funded to quite possibly return. In addition, once the city has been attacked, the whole infrastructure is compromised and requires an incident investigation and a thorough audit. This inevitably results in costs that are additional to ransom. At the same time, based on our observations cities might be sometimes inclined to pay because they usually cover the cyber risks with help of insurance and allocating budgets for incident response. However the better approach would be also investing in proactive measures like proven security and backup solutions as well as regular security audit. While the trend of attacks on municipalities is only growing, it can be stifled and nipped in the bud by adjusting the approach to cybersecurity and what is more important by the refusal to pay ransoms and broadcasting this decision as an official statement.”

The malware that was most often cited as a culprit varies too, yet three families were named as the most notorious, by researchers: Ryuk, Purga and Stop. Ryuk appeared on the threat landscape more than a year ago and has since been active all over the world, in the public and the private sector. Its distribution model usually involves delivery via backdoor malware which in turn spreads by the means of phishing with a malicious attachment disguised as a financial document. Purga malware has been known since 2016, yet only recently municipalities have been discovered to fall victims to this trojan, having various attack vectors – from phishing to brute force attacks. Stop cryptor is a relative novice as it is only a year old. It propagates by hiding inside software installers.

What to do? The firm advises that you install all security updates as soon as they appear. Most cyberattacks are possible by exploiting vulnerabilities that have already been reported and addressed, the firm points out. Always have fresh back-up copies of your files so you can replace them in case they are lost, whether to malware or a broken device, and store them not only on the physical object but also in cloud storage. Remember that ransomware is a criminal offence. You shouldn’t pay a ransom, the firm says. If you become a victim, report it to your local law enforcement. Try to find a decryptor on the internet – some of them are available for free: https://noransom.kaspersky.com.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing