Ransomware Attacks Archives

Municipalities are expected to respond to the demanding needs of maintaining and sustaining vital sectors within our communities, so cities carry a heavy burden of responsibility; now more than ever, they must take cyber threats into account. It is no secret that the municipality industry operates under strict budgets that limit their resources, making them vulnerable and prime targets to cybercriminals. In 2020, 44% of global ransomware attacks targeted municipalities, according to InfoSecurity. This blog will explore four prevention methods your organization can implement to avoid cyberattacks and reduce costs.

Reducing Cost: How to Prevent Cyberattacks on Municipalities

The best way for municipalities to protect themselves from attacks is to prevent them from happening in the first place. Sounds simple, right? It can be. There are solutions to deal with malware infections, but most require more technical skills than the average computer user, so prevention is critical. Let’s start with the easy wins for prevention.

Implement Robust Cybersecurity Training: One of the most significant risks for breaches can be the government’s employees. We are only as strong as our weakest link, and cybercriminals know this. A great way to start building awareness is to create a best practices guide and require consistent cyber awareness training for your employees.
Know the Warning Signs: The first step to combatting malware is recognizing that your computer may have been affected, and it can only be removed if it is appropriately identified. Below are 10 warning signs to look out for:

Your computer is freezing or crashing.
Your computer runs slow and takes longer to start up/shut down.
Ads start popping up.
Emails you did not write are being sent on your behalf.
New icons are appearing on your desktop or toolbar.
Software is difficult to remove or will not allow removal.
The battery won’t last.
Computer locks and ransom is demanded.
Your browser is getting redirected.
Everything is normal – this is the most dismaying non-warning sign of them all.

Create Secure Backups: Backups make for an easier recovery after being attacked by malware. There have been ransomware attacks in the past where confidential files could never be recovered—remember when the City of Atlanta’s data was held for ransom in 2018? As a result, years’ worth of confidential police dashcam footage was never recovered. Malware attacks are inevitable, so preparation is vital.
Patch Management: Developers are consistently working on discovering vulnerabilities in their software. Once they are found, patches or updates to fix those vulnerabilities are released. It is crucial not to procrastinate on software updates. When a security network is outdated, cybercriminals see these flaws and attack within those holes. The more out-of-date security is, the more risk you put on sensitive data and information. Investing in Continuous Vulnerability Management (CVM) will not only help with finding vulnerabilities but fix them by discovering and assessing them in real-time. Here is a breakdown of CMV:

CMV Lifecycle
- Asset Management allows known and unknown assets to be automatically discovered, categorized, identified, and managed.
- Vulnerability Management includes real-time vulnerability and misconfiguration detection within each industry’s most comprehensive range of devices, operating systems, and applications.
- Threat Detection & Prioritization automatically prioritize the vulnerabilities posing the most significant threats to an organization.
- Patch Deployment deploys patches across any size environment, keeping systems up-to-date reducing the vulnerabilities operating teams must chase down.

Focusing on the Bigger Picture

Anti-virus programs are not enough to protect municipalities or businesses when constant monitoring is necessary. Regardless of size or location, municipalities’ cybersecurity is a critical issue. Focus on the basics first, teaching password and email security, best practices within any organization, and implementing a cybersecurity platform that includes managed services. Mitigating the level of destruction from malware attacks will reduce costs in the long run.

As the world begins to redefine and establish a new normal after lockdown, cyberattacks are not letting up. From attacks on small businesses to the latest Colonial Pipeline attack, ransomware continuously presents itself as a significant threat to cybersecurity.

According to Cybercrime Magazine, experts predict there will be a ransomware attack every 11 seconds in 2021. Scary to think about, right? The power lies in organizations’ hands to stay vigilant and protected from ransomware attacks and groups like DarkSide. Now, consider this: if cyberattacks have the power to take down some of the largest businesses in the world, what can they do to your organization?

Let’s step into the world of ransomware to gain a deeper understanding of what is happening in one of the industry’s fastest-growing cyber nightmares.

Ransomware’s Truth

As stated by the Cybersecurity and Infrastructure Security Agency (CISA), ransomware is “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”

As cyber criminals grow sharper by the day, it is no surprise that ransomware has become a 1.4-billion-dollar industry. This dangerous type of malware can do irreparable damage, as it uses vulnerabilities to infect an organization’s overall system or network. Through its various methods, including screen lockers, encryption, and scareware, ransomware can terrorize every industry. Your organization should consider what your cybersecurity infrastructure looks like; if you are not confident that it is built to withstand powerful attack attempts, it is time to start looking for ways to improve.

What is DarkSide Ransomware?

DarkSide is a group that stopped us all in our tracks. Consumers were lined up at every gas station down the East coast, filling up their cars, containers, and even plastic bags following the group’s latest victim, the largest fuel pipeline in the United States, Colonial Pipeline Co. According to CISA:

DarkSide “is ransomware-as-a-service (RaaS)—the developers of the ransomware receive a share of the proceeds from the cybercriminal actors who deploy it, known as ‘affiliates.’ According to open-source reporting, since August 2020, DarkSide actors have been targeting multiple large, high-revenue organizations, resulting in the encryption and theft of sensitive data. The DarkSide group has publicly stated that they prefer to target organizations that can afford to pay large ransoms instead of hospitals, schools, non-profits, and governments.”

Groups like DarkSide are only going to get faster, smarter, and harder to defeat. This truth poses a critical message to the cybersecurity industry that now is the time to tighten up. This recent breach has left the entire country wondering: what’s next?

The Basics of a Ransomware Attack

Ransomware at the most basic level can infect your computer in many ways. According to UC Berkeley’s Information Security Office, “Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.” Once a cybercriminal has gained access, they stay in your network for several weeks or months, and then invite the malware team to install ransomware.

Using the Colonial Pipeline as an example, Insider reported the company’s CEO revealing that attackers targeted a system that relied on a single password instead of multi-factor authentication. The password for the organization’s virtual private network (VPN) was previously leaked on the dark web, leading to it being compromised. Consequently, this single compromised account caused a massive domino effect, which greatly impacted the country’s economy, cybersecurity posture, and more.

While Colonial Pipeline is the most recent high-profile victim of a ransomware attack, the next organization is not far behind. Let’s just hope they are more prepared. This is where the importance of cybersecurity tools and protocols enters the conversation. Organizations are responsible for their cybersecurity posture and creating a safe network environment. Shifting that responsibility from IT teams to a security and compliance automation platform with a Darknet Exposure Module gives you added layers of security and avoids human-error.

How to Prevent a Ransomware Attack

The reality is that ransomware is a severe problem. If you do not get ahead of it, your organization could face detrimental consequences. As stated above, ransomware intruders typically gain access into networks using compromised accounts that have been stolen using malware or that the intruder has purchased from the deep and dark web.

A security and compliance automation platform with User Entity and Behavior Analytics (UEBA) is the key to stopping ransomware cold. This feature will assist you in detecting lateral movement or anomalous account activity once an attacker has entered your network to monitor the target environment. UEBA lays down a pattern of behavior for every system and account on your network and searches 24/7 for anomalies that provide clues to lateral movement or unusual activity by compromised accounts belonging to legitimate network users.

The only way to avoid becoming a new breach statistic is to invest in strengthening your organization’s cybersecurity posture. When you decide to put your network in the hands of tools designed to protect it, you will find yourself able to work smarter, not harder, to remain resilient against cybercriminals.