Your money or your data: Ransomware attacks leave everyone vulnerable

Having secure backups of information is key to thwarting sticky-fingered hackers

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

How bad has the ran­somware prob­lem become? The state audi­tor of Ohio held a news con­fer­ence because local gov­ern­ment agen­cies keep falling for ran­somware attacks. And a firm that tracks domain activ­i­ty found a 3,500 per­cent increase in ran­somware-relat­ed domain name reg­is­tra­tions in the past quar­ter. Hack­ers love to cut and paste, so imi­ta­tion is the surest sign that some­thing is working.

Recall the high-pro­file, alarm­ing ran­somware attacks ear­li­er this year on hos­pi­tals. These “your mon­ey or your data” crimes can do a lot of dam­age quick­ly, and con­fused orga­ni­za­tions brought to their knees by miss­ing mis­sion-crit­i­cal data often pay up. Of course, small­er orga­ni­za­tion with few­er IT resources are at greater risk.

Relat­ed sto­ry: SMBs in cross-hairs as ran­somware becomes more dif­fi­cult to dodge

Exam­ples from one state

Here’s what’s going on in Ohio. Audi­tor of State Dave Yost issued a warn­ing June 9 to trea­sur­ers, fis­cal offi­cers and oth­ers respon­si­ble for spend­ing pub­lic mon­ey that cyber­crimes tar­get­ing gov­ern­ment are “on the rise.” And he offered these examples:

  • An inves­ti­ga­tion con­tin­ues in an east­ern Ohio coun­ty after the county’s court data was attacked by ran­somware May 31. A virus had encrypt­ed the court’s data, and hack­ers demand­ed $2,500 for the key to unlock the infor­ma­tion. Because a recent copy of the data wasn’t avail­able, the coun­ty agreed to pay the $2,500. (Note: Because the trans­ac­tion is ongo­ing, the coun­ty is not identified.)
  • A sim­i­lar ran­somware attempt was made April 5 in Ver­non Town­ship (Clin­ton Coun­ty). That cyber attack did not result in the pay­ment of any ran­som because the township’s data was backed up.
  • In Peru Town­ship (Mor­row Coun­ty), the town­ship fis­cal officer’s com­put­er began screech­ing on March 9 before a notice appeared on the screen advis­ing that a solu­tion was avail­able by call­ing an 800 num­ber. The town­ship paid $200 to stop the attack.

In sep­a­rate, non­ran­somware inci­dents, an employ­ee at Big Wal­nut Local School Dis­trict in Delaware Coun­ty was tricked into issu­ing a check for $38,520 to a hack­er. The mon­ey was recov­ered before it was lost. The Madi­son Coun­ty Agri­cul­tur­al Soci­ety wasn’t as lucky; it was scammed out of $60,491 through some­one pos­ing as the IRS, col­lect­ing back taxes.

Thieves get­ting more savvy

We’ve all seen and heard about the crim­i­nals who try to steal our per­son­al funds. These scam­mers would like noth­ing more than to get their sticky fin­gers on our tax dol­lars, too,” Yost said. “We need to be vig­i­lant because they are becom­ing increas­ing­ly sophis­ti­cat­ed in how they attempt to steal mon­ey through the internet.”

Relat­ed sto­ry: Cyber crim­i­nals use ran­somware to hook big fish

Yost is right. Net­work secu­ri­ty firm Infoblox report­ed recent­ly that hack­ers were falling over one anoth­er to set up web­sites relat­ed to ran­somware scams. The firm tracks domain reg­is­tra­tions as a way of mon­i­tor­ing the inter­net for threats, and it says it found a 35-fold increase in new­ly observed ran­somware domains from the fourth quar­ter of 2015.

There is an old adage that suc­cess begets suc­cess, and it seems to apply to mal­ware as in any oth­er cor­ner of life. In the first quar­ter of 2016, there were numer­ous sto­ries in the news about suc­cess­ful ran­somware attacks on both com­pa­nies and con­sumers,” the firm said. “We believe the larg­er cyber crim­i­nal com­mu­ni­ty has tak­en notice.”

Costs of breach climb

Accord­ing to the FBI, ran­somware vic­tims report­ed costs of $209 mil­lion in the first quar­ter, com­pared to $24 mil­lion for all of 2015.

Unless and until com­pa­nies fig­ure out how to guard against ransomware—and cer­tain­ly not reward the attack—we expect it to con­tin­ue its suc­cess­ful run,” Infoblox said.

Yost said all the crimes began with some vari­a­tion of phish­ing, and urged all gov­ern­ment employ­ees to be on alert.

The inter­net is the tool of choice for crim­i­nals, and we need to make it as dif­fi­cult as pos­si­ble for thieves to access com­mu­ni­ty trea­sure chests,” Yost said.

The best way to do that, as Ver­non Town­ship showed above, is to keep good backups.

Sto­ries relat­ed to ransomware:
Under­stand­ing ran­somware helps orga­ni­za­tions devise solutions
Ran­somware is a real and per­sis­tent threat, even to Apple users
Hos­pi­tals show lit­tle resis­tance to ran­somware virus


Posted in Cybersecurity, Data Security, News & Analysis