Even with ransomware attacks down across the board this year compared to 2017, a lot of companies and government entities are still being targeted and infected with ransomware. The main reason for this decline is that targeted ransomware attacks are becoming more common so instead of ransomware authors seeking mass infections they are using precise infection vectors to achieve initial compromise. This is why we’re creating this list of some of the companies that were attacked with ransomware this year, and the details following each attack. Find out why your company should be concerned about cyber security and the cyber security solutions we include with our Managed IT Services.
In late August of this year, Coweta County Georgia was attacked with ransomwarre, however they largely restored the servers following the ransomware attack. How did they restore the servers without paying the $340,000 ransom you might ask? Their servers had been backed up the night before the attack and the county was able to restore the servers responsible for airport, voter registration, court, and public safety service within two weeks of the attack and ransom demand. In March, hackers also infected and demanded ransom for much of Atlanta’s computer network, disrupting the city’s services and forcing some of the departments to perform their jobs on paper. The city of Atlanta also refused to pay the ransom on advice of federal agents
Also in August of this year, the PGA of America found itself with some not-so-fun work to do after ransomware infected several computer systems. According to a report from Golf Week, the ransomware encrypted a variety of files connected to that week’s Championship as well as other upcoming events. Files with promotional materials and logos that were created for print and digital advertising were encrypted, and decryption was not an option; not without paying the ransom. Bleeping Computer pointed out similarities between the ransom note that was left on PGA of America’s systems and those created by the BitPaymer ransomware. There are currently no freely available decryption tools and the ransom note makes that quite clear. The note provides a bitcoin wallet address as well as a pair of encrypted email addresses. The amount of the ransom was not specified, however, the previous BitPaymer attack demanded 53 Bitcoins (around $340,000). The PGA of America has said that they do not intend to pay the ransom.
It’s important to understand that no business should ever pay the ransom, no matter what, due to the following reasons:
- Victims that pay the ransom are often targeted again by other cyber hackers, and sometimes even the same groups.
- After paying the original ransom, some companies are instructed to pay even more to get the promised decryption key.
- Paying encourages this type of criminal business model and provides those cyber actors with a bigger budget to then further their attacks and explore new attack vectors.
- Finally, paying a ransom does not exactly guarantee that an organization will regain access to their data. Many companies and individuals have paid the ransom and were never actually provided with the decryption keys.
Two different cyber-attacks on Riverside, OH’s fire and police department servers have affected law enforcement in ways that were not originally disclosed to the public. One of these is the fact that Riverside, Ohio could lose access to one of the state’s police computer networks if they were attacked again. The ransomware attacks occurred in April and May and have cost the city tens of thousands of dollars and shut down the police department’s records management system that is used to create and store investigative reports. The Dayton Daily News found that police not only lost the ability to access and print past reports but at one point lost the ability to make digital reports altogether. This forced police officers to resort to hand writing reports and typing incident narratives into Microsoft Word so that they could then be scanned into the system once it was restored. Riverside’s ‘data at rest’, which is information stored on, but not in transit, over the police department’s network uses very basic controls with no encryption according to an email from the IT contractor of the city of Riverside. It is an extremely bad practice for any police department or even regular organization to not encrypt sensitive data.
In July of this year, Health Management Concepts (HMC) experienced a ransomware attack that quickly turned into a healthcare data breach. The attorneys for HMC informed the New Hampshire AG that the company discovered a server it used to share files with its clients was infected by ransomware on July 16th. They then discovered that on July 19th the attackers were able to obtain a file that contained the personal information including names, social security numbers and health insurance plan data on IBU members. HMC was not able to explain how the file found its way to the attackers and they did not mention how many individuals were affected by this data breach.
SamSam ransomware which has been mostly targeting healthcare organizations has infected healthcare companies such as Hancock Health Hospital, Adams Memorial Hospital, cloud-based EHR provider Allscripts and quite possibly the Case Regional Medical Center. The SamSam ransomware attacks have netted the creator $6 million so far, according to a report by the security firm Sophos. According to McAfee, the healthcare sector saw a 47% jump in cyber-attacks in the first quarter of 2018 with several healthcare organizations and hospitals paying the ransom to regain access to their system. We’re proud to offer enterprise-grade technology solutions for the Healthcare industry and are proud to say that none of our Healthcare clients have ever been infected with ransomware. If any of our clients were ever infected, which would be amazing in of itself with the cyber security solutions we utilize, we have data backup and disaster recovery solutions in place that can allows us to restore any affected systems within 24 hours. Don’t let your business become a statistic and end up on a list of companies attacked with ransomware.
The majority of ransomware is spread via immerse spam campaigns that involve hundreds of thousands of emails sent daily. This is why it’s important for any business to have a mail filter in place, and why we include such a filter in our Cyber Security Stack for our clients with our Managed IT Services. Mail filters stop the junk and malware emails but let the good emails through and messages that contain offensive, harmful or policy violating content are held in quarantine and are left for review of either the company designated administrator or individual users. The spam campaigns themselves usually include seemingly benign attachments that can deploy ransomware across an organization with just one click.
How would you feel if your company suddenly became the victim of a ransomware attack? Cyber security is no joke and a necessity in this digital age. Contact us for a free network and cyber security assessment today and allow us to protect your business from future cyber-attacks.