Ransomware is one of the most dangerous cyber threats, and it affects people, businesses, governments, and critical infrastructure around the world. This article outlines what we learned about the 2020 Ransomware Attack against Baltimore City School District and what Bloomington Illinois and Normal Illinois can do to protect our critical infrastructure.
What is ransomware?
Ransomware is a type of malicious software that encrypts a victim’s data and demands a ransom payment in order to unlock it. It is one of the most dangerous cyber threats and it has become increasingly prevalent in recent years.
Ransomware can be spread through malicious websites, malicious email attachments, and malicious software applications. It can also be spread via infected USB drives, malicious links, and other malicious code.
Once a ransomware attack has been launched, the attacker will demand a ransom payment in order to unlock the encrypted data. The ransom payment is usually paid in the form of cryptocurrency, such as Bitcoin.
The danger of ransomware is that even if the ransom payment is made, there is no guarantee that the attacker will actually unlock the encrypted data. In some cases, the attacker may even increase the ransom amount once the payment has been made.
The history of ransomware attacks against municipalities
Ransomware attacks against municipalities are becoming increasingly common. In 2020, there were a number of high-profile ransomware attacks against municipalities around the world, including a major attack against the City of Baltimore.
The attack against Baltimore was the most damaging ransomware attack against a municipality in U.S. history. The attackers encrypted the city’s data and demanded a ransom payment of $75,000. The city refused to pay the ransom and instead restored its network from backups.
The attack caused significant disruption to the city’s operations and cost the city an estimated $18 million in recovery costs. It also highlighted the vulnerability of municipal networks and the need for better cybersecurity measures.
Other municipalities have also been targeted by ransomware attacks, including the cities of Atlanta and Greenville, North Carolina, where the attackers demanded ransom payments of $51,000 and $1.2 million, respectively.
The dangers of ransomware against the Bloomington/Normal community
The Bloomington/Normal community is not immune to ransomware attacks. In fact, the community is at an increased risk due to its reliance on critical infrastructure such as water and electricity.
If a ransomware attack were to be successful, it would have a devastating effect on our community. The attackers could potentially gain access to sensitive data, disrupt essential services, and cause financial losses.
The attack could also have a psychological impact on the community. Residents of the community could be left feeling vulnerable and uncertain about their safety.
Therefore, it is essential that the Bloomington/Normal community takes steps to protect itself from ransomware attacks.
Protecting critical infrastructure from ransomware attacks
The first step in protecting critical infrastructure from ransomware attacks is to ensure that all devices are patched and up-to-date. Regularly patching devices will ensure that any known vulnerabilities are addressed and reduce the risk of a successful attack.
The second step is to ensure that all users are aware of the potential dangers of ransomware and are trained to identify suspicious emails and websites. This makes users less likely to fall victim to phishing attacks, which are often used to spread ransomware.
The third step is to use a robust managed detection and response (MDR) service to protect against malware. This helps ensure that any malicious software is detected and removed before it can cause damage.
The fourth step is to ensure that all backups are regularly updated and securely stored. This will ensure that in the event of a successful attack, any data that has been encrypted can be quickly restored. Leading-edge backup solutions like DATTO can scan your backups for ransomware, ensuring ransomware does not infect your recovery strategy.
The fifth step is to implement anti-phishing email security that can spot emails pretending to be from a known vendor or internal employee. Phishing is the top way cybercriminals gain access to municipality networks to spread ransomware.
The sixth step is to remove your critical infrastructure from the internet. Being disconnected from the internet is the most powerful way to keep critical infrastructure protected (though, as noted above, infected USB drives can still carry malware across that gap). If this is not possible, a controlled access point into the network, one that can fully scan encrypted traffic, provide sandboxing, and cover 100% of the MITRE ATT&CK framework, is an absolute must.
Finally, it is important to ensure that the community has a robust incident response plan in place. This will ensure that the community is prepared to respond quickly and efficiently to any ransomware attack.
In addition to the steps above, here are further ways to protect our infrastructure from ransomware attacks:
- Vendor consolidation: Having fewer but more capable IT security vendors will simplify your operation and create stronger alignment around your cybersecurity objectives.
- Managed Detection & Response (MDR): MDR is proactive in nature and constantly monitors for potential threats, while antivirus is reactive and only detects known malware after it has entered your system.
- Network Detection & Response (NDR): NDR is proactive in nature and scans east/west traffic (connections that have already passed your firewall and are moving within your network), leveraging artificial intelligence to identify what the traffic is and whether it is malicious.
- Multifactor Authentication: Requiring a second form of authentication, such as a fingerprint or a code sent to a mobile device, makes it more difficult for cybercriminals to gain access to an account.
- Conditional Access: Restrict access to sensitive data based on specific conditions, such as device type, location, and network.
- Penetration Testing: Regular penetration testing identifies vulnerabilities and weaknesses in your security defenses. Knowing your weaknesses also allows IT leaders to secure the budget needed to close security holes.
- File Encryption: Classify data so that it is accessible only to specific individuals. If information leaves your network, whether it was stolen on a thumb drive or sent digitally through email or a file sharing service, that data cannot be opened because it is encrypted at the file level.
- Cybersecurity Taskforce: A cybersecurity taskforce is crucial for protecting against new and emerging threats. Identifying changes in the cybersecurity industry is critical to staying ahead of cybercriminals.
Our top list of municipalities that experienced ransomware attacks
- The ransomware attack on the city of Baltimore in 2019 caused significant disruption to city services, including the city’s 911 system and email servers.
- The ransomware attack on the city of Atlanta in 2018 resulted in the city having to pay a ransom of $51,000 to regain access to its data.
- The ransomware attack on the city of Newark in 2020 caused disruption to the city’s email and phone systems, as well as other online services.
- The ransomware attack on the city of Riviera Beach in 2019 resulted in the city paying a ransom of $600,000 to regain access to its data.
- The ransomware attack on the city of Greenville in 2019 resulted in the city’s computer systems being shut down for several days, and the city ultimately decided to pay a ransom to regain access to its data.
- In the ransomware attack on the city of Lodi in 2020, the attackers demanded a ransom of $25,000 in Bitcoin; the city refused to pay the ransom and managed to restore its systems from backup.
- The ransomware attack on the city of Lake City in 2019 resulted in the city paying a ransom of 42 Bitcoins (roughly $460,000) to regain access to its data.
- The ransomware attack on the city of New Bedford in 2019 caused disruption to the city’s phone and email systems, as well as other online services.
- In the ransomware attack on the city of Keene in 2019, the attackers demanded a ransom of $5,000 in Bitcoin; the city refused to pay the ransom and managed to restore its systems from backup.
Ransomware is one of the most dangerous cyber threats and it is essential that the Bloomington/Normal community takes steps to protect itself. By following the steps outlined here, the community can protect itself from ransomware attacks and keep its critical infrastructure safe.
The community also has access to a number of excellent local IT service providers who specialize in protecting against ransomware. By taking advantage of these resources, businesses and individuals can ensure that their systems are secure and their data is safe.