
Is city ransomware the new trend?

by Mark Rowe

For the last couple of months, Baltimore has been affected by a notable ransomware attack that has held many of the city’s IT systems hostage. The attack has ‘brought down’ thousands of government computers, causing everything from water bill payment disruptions to real estate sales delays, writes David Higgins, of the cloud and IT access security product company CyberArk.

The cyber criminals demanded 13 bitcoins – worth about $100,000 – to restore these crucial IT systems. Baltimore City Mayor, Jack Young, has publicly stated that the city will not pay the ransom demand. But even though the FBI, Secret Service and a plethora of cybersecurity experts are working hard to get things back to normal, fresh reports indicate the attack will ultimately cost the city more than $18 million.

A couple of weeks ago, a Krebs on Security post quoted a source who said “it’s not terribly likely” that the Eternal Blue exploit was used to propagate the Robbinhood ransomware, debunking previous reports that linked the Baltimore ransomware attack to the hacking tool developed by the United States federal National Security Agency (NSA) and leaked online a couple of years previously.

According to the latest Verizon DBIR report, ransomware accounts for nearly 24 percent of all malware-related attacks across industries. Meanwhile, a 2019 Beazley Group breach insights report notes a staggering 105 percent spike in ransomware notifications from the first quarter of 2018 to the same period this year. Payment demands are also on the rise. The Beazley report indicates that the average payment in the first quarter of 2019 – $224,871 – has already overtaken 2018’s total of $116,324.

As demonstrated by the Baltimore attack, state and local governments seem to be particularly vulnerable to ransomware. Cybersecurity research firm Recorded Future recently published a study on the uptick in state and local government ransomware attacks targeting essential infrastructure and processes. It revealed that reported attacks on state and local government shot up by 39 percent in the US in 2018, and that many of these attacks were opportunistic: in most cases, attackers “stumbled” upon public-sector entities when looking for vulnerable targets.

While this is a worrying trend in the USA, the UK is also struggling with the rise in ransomware. The most recent Cyber Security Breaches Survey released by the UK government showed that 27 percent of businesses and 18 percent of charities who were victims of an attack last year were hit by ransomware, making it a tangible threat. And while other attack techniques such as phishing are increasingly popular amongst hackers, the damage ransomware can inflict on organisations is much more profound. Indeed, 58 percent of businesses and charities are more likely to report negative outcomes from ransomware than from any other type of attack.

Stay one step ahead

While there is no set formula for ransomware prevention, there are steps government agencies and enterprises alike can take to reduce the risk of malware (such as Robbinhood) spreading and holding systems hostage.

1. Beware of phishing. According to the Verizon DBIR report, phishing is involved in 32 percent of today’s breaches and 78 percent of cyber-espionage incidents. Attackers often begin their malware attacks through targeted phishing campaigns. If you receive an unsolicited call, email, text message or chat, do not respond or click on any links – even if the person claims to be from a legitimate department – before confirming legitimacy.

2. Never stop patching. Consistently patching endpoints and servers will dramatically reduce the attack surface, making a compromise far less likely. If you haven’t already, stop what you’re doing and immediately disable the (very) outdated Microsoft SMB protocol version 1 or apply the patch. And take it one step further than that. Patch all vulnerable software regularly to help prevent ransomware infections – and make sure your antivirus, firewall and other perimeter protection tools are always up to date.

3. Remove local admin privileges to contain and block attacks. While employee education around phishing is imperative, it cannot stop there. Removing local administrator rights is the foundation of effective endpoint security. By implementing a combination of least privilege and application control policies on endpoints and servers as part of a larger Zero Trust approach, you can mitigate the risk of malware like Robbinhood spreading from its initial infection point.

4. Back up all critical data. This may seem like a basic point, but it’s amazing how many organisations don’t do this on a regular basis. Prioritise data that is critical to your organisation and consistently back it up so that if files are locked and held for ransom, you can still keep (at least parts of) your business on the move.
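
As an added illustration of steps 2 and 3 (not code from the article or from CyberArk), the PowerShell below reports whether SMB version 1 is still enabled on a Windows host, who holds local administrator rights, and how long ago the last update was installed. The function names Get-RansomwareExposure and Disable-Smb1 are hypothetical; the cmdlets they call ship with Windows, and the script assumes an elevated session.

```powershell
# Added example: read-only exposure report for one Windows host (run elevated).
# Function names are hypothetical; the cmdlets used are built into Windows.
function Get-RansomwareExposure {
    [CmdletBinding()]
    param()

    # Step 2: is the SMBv1 protocol still accepted by the file-sharing service?
    $smbServer = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # SMBv1 optional feature; not present on every edition, so tolerate errors.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue

    # Step 3: members of the built-in Administrators group, looked up by its
    # well-known SID so the check also works on non-English installations.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object -ExpandProperty Name

    # Step 2: most recent installed update, as a rough patch-currency signal.
    $lastFix = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $smbServer
        Smb1FeatureState  = if ($feature) { "$($feature.State)" } else { 'NotPresent' }
        LocalAdminCount   = @($admins).Count
        LocalAdmins       = $admins
        LastHotFixId      = $lastFix.HotFixID
        DaysSinceLastFix  = if ($lastFix) {
            [int]((Get-Date) - $lastFix.InstalledOn).TotalDays
        } else { $null }
    }
}

# Remediation for the SMBv1 finding; supports -WhatIf for a dry run.
function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
            -NoRestart -ErrorAction SilentlyContinue | Out-Null
    }
}

Get-RansomwareExposure | Format-List
```

Running `Disable-Smb1 -WhatIf` first shows what would change without touching the host.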

So, it’s clear the threat from ransomware is not going away anytime soon. What happened in Baltimore is a stark reminder of how crippling and widespread the fallout can be. There is too much at stake for government departments and businesses not to take the necessary measures to patch, back up sensitive data and educate employees about the escalating problem.
