Alabama ransomware attack is painful reminder to think before clicking on email

With few resources to stay on top of security, local governments especially vulnerable

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Last week, if you want­ed a vehi­cle tag or a license in Mont­gomery Coun­ty, Alaba­ma, you were out of luck.

Bob Sul­li­van, jour­nal­ist and one of the found­ing mem­bers of msnbc.com

Hack­ers knocked many coun­ty com­put­ers offline with a ran­somware attack, local offi­cials say. The pro­bate office took the worst of the attack, which hit late Mon­day, so busi­ness licens­es, mar­riage licens­es, and vehi­cle tags were all unavail­able. (Driver’s license sys­tems were not impact­ed.) So was the coun­ty sheriff’s website.

Hack­ers request bitcoins

We noticed the sys­tem was act­ing up at about 4:55 p.m. Mon­day, and this morn­ing we were locked out. That’s when we were giv­en a ran­som. They said they want­ed ‘bit­coins,’” Han­nah Hawk, man­ag­er of pub­lic affairs for Mont­gomery Coun­ty, told the Mont­gomery Adver­tis­er. “Due to the attack, the county’s sys­tem has been locked up, and ser­vices the coun­ty pro­vides will be impacted.”

 Relat­ed arti­cle: Small­er orga­ni­za­tions, agen­cies must defend new dig­i­tal risks

In what may or may not be a relat­ed inci­dent, secu­ri­ty firm Bar­racu­da Net­works said it was mon­i­tor­ing wide­spread ran­somware attacks that began last Mon­day. The firm says it detect­ed some 20 mil­lion boo­by-trapped emails laced with ran­somware dur­ing a sin­gle 24-hour peri­od; an update says a total of 27 mil­lion emails have been captured.

These attacks are wrapped in either an Herbal­ife-brand­ed email or a gener­ic email that imper­son­ates a ‘copi­er’ file deliv­ery,” Bar­racu­da said.

Emails come from around the world

A major­i­ty of the emails orig­i­nate in Viet­nam, the firm says, but some also are sent from com­put­ers in India, Colom­bia, Turkey and Greece.

As is typ­i­cal in a ran­somware attack, vic­tims who are tricked into open­ing the attached file can have their files encrypt­ed and must pay the attack­ers to restore those files.

Con­sumers should nev­er open unex­pect­ed attach­ments, even if they appear to come from friends or trust­ed companies.

Small gov­ern­ment agen­cies in cross-hairs

Local gov­ern­ment com­put­er sys­tems are a favorite tar­get for hack­ers; many small­er agen­cies have few­er resources to keep secu­ri­ty sys­tems up to date. There were sev­er­al sim­i­lar inci­dents in Ohio last year. One county’s court sys­tems were locked, and the agency end­ed up pay­ing $2,500 to restore them, for exam­ple. The prob­lem got so bad that Ohio Audi­tor of State Dave Yost actu­al­ly held a news con­fer­ence urg­ing local gov­ern­ments to stop falling for the scams.

We’re not the first enti­ty to go through this. We are work­ing dili­gent­ly to get things restored,” said Lou Lalac­ci, Mont­gomery County’s chief infor­ma­tion and tech­nol­o­gy offi­cer, to MontgomeryAdvertiser.com. “No per­son­al infor­ma­tion has been compromised.”

More sto­ries relat­ed to ransomware:
Steps to avoid being infect­ed by the ran­somware pandemic
Ran­somware attacks are a fact of life, so real-time detec­tion, response is critical
Evo­lu­tion of a threat: Expect ran­somware tar­gets, meth­ods to broaden

 


Posted in Featured Story