Next Up on the Ransomware Hit List? Cities

Usually, ransomware makes headlines when huge corporations or organizations are held captive. There’s the implicit threat of compromised data if the corresponding ransom isn’t paid or backups aren’t in place. It’s bad, but its impact on the average person can seem muted.

What happens when the cybercriminals behind ransomware attacks set their sights a little higher?

Recently, the city of Atlanta, Georgia found themselves victim to an infrastructure-crippling ransomware attack. Here’s what happened and why both private and public organizations should be concerned.

The Attack

This virus took Atlanta by surprise on March 22, leaving officials to tell city employees that they shouldn’t even turn on their computers and residents that the city was unable to process electronic payments for water bills or parking tickets. After five days of downtime, nearly 8,000 workers were finally able to boot their devices back up, but most of these online payment services were still down and administrators warned employees that the malware might still be active on some devices.

The event played out like a standard ransomware attack. As the New York Times reports, the group behind the attack “locks up its victims’ files with encryption, temporarily changes their file names to ‘I’m sorry’ and gives the victims one week to pay up before the files are made permanently inaccessible.”

While there is still a possibility that a common phishing attack tricked a city employee into letting this malware into the city’s network, most IT researchers have traced its origins back to the decision to leave Remote Desktop Protocol (RDP) and Server Message Block (SMB) services open to the internet, an extremely basic mistake that even the least security-savvy organizations should know better than to make.
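One way to catch the exposure described above before an attacker does is to audit inbound firewall or security-group rules for RDP and SMB reachable from public address space. The following is an added example, not BAI Security’s or the city’s tooling; the simplified JSON rule format, the rule names and the sample ruleset are all constructed for illustration.

```python
"""Flag inbound rules that expose RDP or SMB to the internet (added example)."""
import ipaddress
import json

# Services the Atlanta post-mortem singled out: RDP (3389) and SMB (445, 139).
RISKY_PORTS = {3389: "RDP", 445: "SMB", 139: "SMB (NetBIOS)"}

# Address space we treat as internal; anything not wholly inside it is "public".
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample ruleset in a hypothetical format: one inbound rule per entry.
# Note the wide "allow-all-tcp" rule, which exposes RDP/SMB without naming them.
SAMPLE_RULES = json.dumps([
    {"name": "allow-rdp-anywhere", "proto": "tcp", "from_port": 3389, "to_port": 3389, "source": "0.0.0.0/0"},
    {"name": "allow-smb-vpn", "proto": "tcp", "from_port": 445, "to_port": 445, "source": "10.8.0.0/16"},
    {"name": "allow-all-tcp", "proto": "tcp", "from_port": 0, "to_port": 65535, "source": "0.0.0.0/0"},
    {"name": "allow-https", "proto": "tcp", "from_port": 443, "to_port": 443, "source": "0.0.0.0/0"},
])


def is_public_source(cidr):
    """True unless the source CIDR lies entirely within a private/loopback range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.subnet_of(priv) for priv in PRIVATE_NETS)


def exposed_services(rules_json):
    """Return (rule name, service, port) for each risky port a public source can reach."""
    findings = []
    for rule in json.loads(rules_json):
        if rule["proto"] not in ("tcp", "any"):
            continue  # RDP and SMB are TCP services
        if not is_public_source(rule["source"]):
            continue  # reachable only from internal space; not the exposure at issue
        for port, service in RISKY_PORTS.items():
            # Port ranges matter: a broad "allow all" rule exposes these ports too.
            if rule["from_port"] <= port <= rule["to_port"]:
                findings.append((rule["name"], service, port))
    return findings


if __name__ == "__main__":
    for name, service, port in exposed_services(SAMPLE_RULES):
        print(f"EXPOSED: rule '{name}' allows {service} (tcp/{port}) from the internet")
```

Run against a real ruleset, every line printed is a candidate for removal or restriction to a VPN or bastion range.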

To make matters worse, a local news channel uncovered that “the city received several warnings about malware on one specific city server.” Obvious vulnerabilities and being forewarned that a server might already be compromised — it all adds up to one incredibly shocking act of negligence on the part of Atlanta.

In the Details

This attack obviously came as a shock to many. For years, local governments have been pointed to as users who tend to lack sufficient IT security, but having a cyber-criminal actually act on this weakness paves a chilling new path for cyber-criminals.

Unlike attacking healthcare or financial entities with their own sets of patients or customers, attacking a city affects everyone who lives in that area and depends upon certain services. It simply casts a much wider net. Furthermore, the disclosure that the requested ransom may have only been $51,000 points to another unfortunate conclusion — that these attackers were mainly doing this to directly “troll” or hamper the city itself.

Clearly, this attack should have all organizations worried, not just public entities. If you have taken an eye off your weak points or fail to regularly update your IT security infrastructure, you’re likely leaving yourself open to attacks. BAI Security’s Vulnerability Management allows you to set regular scans of your IT infrastructure so you can uncover weak points before attackers do.

In addition, implementing a next-gen antivirus/malware solution that leverages artificial intelligence, algorithmic science and machine learning to detect AND prevent ransomware from executing on your endpoints in real time is highly recommended. BAI Security’s Endpoint Protection, powered by Cylance, prevents these attacks from ever even affecting your organization.

Our service and similar offerings are essential steps all organizations need to take today. As the Atlanta incident proves, attackers are just getting bolder. Imagine the steps they’ll take in the future to obtain the real information they can hold over the heads of entities in fields like healthcare and finance. Imagine that a group decides one day, for whatever reason, that it’s your organization they want to take offline for days at a time. Will you be prepared?

Don’t leave anything to risk.

Posted in BAI Security Blog.