Home SecurityData Breach Have you been ransomware’d yet?

Have you been ransomware’d yet?

by ethhack

If you don’t know what ransomware is, chances are you haven’t been victimized – yet. Let’s clear the fog. Ransomware is a type of virus designed to deny access to a computer system or data until a ransom is paid.

Some of the most vulnerable and critical agencies are being targeted – state, city and educational institutions. Recent state and local ransomware attacks include the cities of Baltimore and Albany, school districts in Louisiana and 23 cities in Texas. And this is only going to get worse.

With that doomsday prediction out of the way, it’s instructive to get an idea why this is happening.

  1. The targets typically do not have adequate security technical expertise to keep up with software patches, ensure they have the appropriate security tools to keep their systems safe or even have a good ongoing data hygiene practice in place.
  2. The attackers have good understanding of how critical functions like tax payment systems or tuition e-commerce sites are the lifeblood of these taxpayer funded entities and other smaller institutions. And the longer they are offline the greater the propensity for the victim to feel the pain and pay up.
  3. Past success is a harbinger of future growth. This may sound outlandish, but it’s true. Once the miscreants see that these targets have been paying up, all local, state, educational institutions become sitting targets.
  4. And with every passing attack, the chances of the next victim having cybersecurity insurance is greater which means a greater opportunity (and quicker too) of getting paid.

There are also lessons to be learned from how some of these affected entities decided to deal with the issue. There is no uniform or consistent response from these organizations. For instance:

  • Mayor Bernard C. Jack Young of Baltimore took to Twitter to defend his decision not to pay the ransom of $80000 in cryptocurrency and instead is now paying the price as the costs of the ransomware attack have reached $18 million including remediation, new hardware, and lost or deferred revenue.
  • West Haven, CT messaged that their police IT experts determined the best course of action, given all the available information, was to pay a one-time fee of $2,000to unlock servers. The money was paid in digital currency. The data restoration of a critical system occurred shortly after the completion of that transaction.
  • Roseburg, OR public schools superintendent Gerry Washburn said that they exhausted all efforts to avoid paying the requested ransom out of concern that more damage could be caused; however, the experts ultimately determined that the solution was worth the risk

So that is where we stand today in terms of why this is happening and how inconsistent the responses are from these unfortunate victims.

But that’s only half the story. There needs to be an urgent and frankly existential need to shore up the defenses NOW.

Copyright © 2019 IDG Communications, Inc.

Source link

Related Articles

Leave a Comment