According to the Department of Homeland Security, ransomware is the fastest-growing malware threat in the United States. Perhaps there is no better evidence of this assertion than the fact that three Florida cities recently became victims of ransomware. Further, two of the cities paid over $1 million in ransom to cybercriminals so that they could regain access to their systems and data. Clearly, ransomware is a threat that individuals and organizations of all sizes and in all sectors must address.
What Is Ransomware?
Ransomware is a form of malware that takes control of the data on a computer, network, or server. Generally, ransomware encrypts the data on the affected devices and the attackers hold the data hostage until the victim pays a ransom. Upon receiving the ransom, the attackers provide the victim with the key necessary to decrypt the data. However, a recent trend in ransomware attacks is that the attackers never provide the decryption key to the victims, even after receiving payment of the ransom. In such cases, the victims permanently lose access to their data if there is no backup available.
Summarizing the Florida Ransomware Attacks
As mentioned previously, three Florida cities fell victim to ransomware attacks recently. Following is a summary of each of these attacks.
Riviera Beach, Florida is a small city of 35,000 residents located north of West Palm Beach. Beginning on May 29, the city became yet another municipal victim of a ransomware attack. Other larger cities that have fallen prey to ransomware include Baltimore ($18 million in damages) and Atlanta ($17 million in damages). In the case of Riviera Beach, the City Council voted unanimously on June 17 to pay the cybercriminals 65 Bitcoin – approximately $592,000 – to regain access to the data held hostage.
Like many attacks, the Riviera Beach attack was precipitated by an individual clicking on a “phishing” email that contained an infected attachment. Upon doing so, ransomware infected the city’s information technology devices and all city operations were forced offline. In addition to paying the ransom, Riviera Beach will also spend approximately $941,000 to replace approximately 400 computers and other hardware.
Located in the northern portion of Florida, the Lake City government also fell victim to a ransomware attack. City officials first disclosed the attack on June 10. Despite the city’s IT staff detecting the attack within 10 minutes and beginning containment operations immediately, the attack spread quickly, shutting down virtually all of the local government’s devices and network.
To regain access to the city’s technology infrastructure, city officials recently authorized payment of 42 Bitcoin ($490,000) to the attackers. Similar to the Riviera Beach attack, the attack originated with an employee clicking on a phishing email message. In this case, the attack caused the city to lose access to its email system and left 911 dispatchers unable to enter calls into their computers.
The third of the Florida cities to fall victim to ransomware was Key Biscayne. Key Biscayne’s Village Manager, Andra Agha, reported that the event occurred on June 23. While the source of the attack has not been reported (as of July 1), most analysts believe that the cause of this attack was also an employee clicking on a phishing email message. Likewise, there is no word yet on the amount of ransom being demanded or the village’s planned response.
How to Minimize the Risk of Ransomware
While no single remedy exists to completely eradicate the risk of ransomware, several techniques can prove successful in reducing the threat. The Department of Homeland Security recommends the following procedures:
- Deploy computer patches and updates regularly.
- Avoid opening or clicking web links from unknown senders.
- Find out if a website encrypts data before submitting any personal information on the site.
- Track the latest cybersecurity trends.
- Deploy antivirus software, firewalls, and other security solutions.
In addition to the above steps, all organizations should regularly train team members on various cybersecurity risks. Further, conduct periodic “white-hat” tests to reinforce the need for 24/7/365 vigilance against cyberattacks of all types.
Perhaps most important, ensure the adequacy of data backup procedures, including offsite storage of backups. In the event of an attack, a backup might be your only way to recover your data.
Ransomware is a real, persistent, and growing threat and virtually every organization is subject to a ransomware attack. To avoid becoming yet another victim, it is imperative that all individuals in the organization realize and understand the critical nature of the risk. Further, IT staffs must be proactive in mitigating the risk, instead of passively waiting and responding to an attack. The risk is real and the costs are real; can the same be said of your team’s efforts to address the risk?