Ransomware Attacks August Report – A Sudden Surge of Malware
In a recent month, ransomware attacks increased in number, hitting both public and private entities. Texas recorded an unprecedented ransomware campaign, while hospitals and school systems around the globe continue to suffer under malware attacks. At the same time, these attacks underline the importance of cloud backup as a security measure.
Texas under Ransomware Siege
In mid-August, hackers put Texas under ransomware siege, infecting the networks of 23 cities in one go. In a coordinated malware attack, cybercriminals clearly targeted small cities, most of them with a population of fewer than 15,000 citizens. The reason is quite simple: local governments lack the resources and knowledge to fight online threats. Thus, they become easy targets for hackers, in what seems to be the biggest ransomware attack of its kind, comparable to the Baltimore city incident.
Affected entities include the cities of Kaufman and Wilmer, Grayson and Lubbock counties, and the Bonham, Graham and Vernon police departments. The biggest affected county is Lubbock, with a population of 305,000 residents.
Smaller counties, however, did not have that luck. Most of them outsourced their IT departments to local managed service providers (MSPs). So far, reports suggest that the ransomware affected the MSPs first and then entered the municipalities’ systems.
So far, the Texas Department of Information Resources (TDIR) has organised coordinated efforts to free local authorities from the malware’s clutches. Both the FBI and the Department of Homeland Security are part of the recovery process, trying to uncover the culprits behind the ransomware attack. Although police departments are already tracking a few suspects, they are currently under a lot of pressure to get results.
Speaking to CNN, Allan Liska from cybersecurity firm Recorded Future stated that the Texas ransomware attack is unprecedented in terms of its size. “We haven’t seen this kind of coordinated ransomware attack against municipalities before.” This shows that hackers are slowly shifting their attention from individuals towards more lucrative targets: local authorities.
Hackers Demand $2.5 Million Ransom
According to a local online news outlet, the hackers demand a $2.5 million ransom for the decryption code. Apparently, one of the mayors of the affected counties came out in public, stating that the authorities have been contacted by the cybercriminals. However, police departments are yet to identify who is behind the ransomware attack, as the hackers remain anonymous.
TDIR representative Elliott Sphere responded to the inquiry that, so far, none of the affected counties has paid the ransom.
Texas County Shows How to Shake Ransomware Off
Interestingly, Lubbock’s management was the quickest to respond to the malware attack. The county judge, Curtis Parrish, spoke to the local news about the network’s status following the ransomware breach.
“Our IT department was right on top of it. They were able to get that virus isolated, contained, and dealt with in a very quick manner so it did not affect any other computers,” he said.
With a quick understanding of the situation and their own IT firepower, the county managed to shake the virus off the network.
Ransomware is a Growing Threat to the US Voting System
The coordinated Texas attack serves to show just how dangerous online threats are. Many cybersecurity experts believe it to be a warning sign that ransomware is a growing threat to the U.S. voting system. Officials in many states feel threatened as the 2020 election days draw nearer. Thus, it is not surprising that local communities are taking steps to avoid joining the list of ransomware victims.
Matt Deitrich, spokesperson for the Illinois State Board of Elections, indicated that changes to the online voting system are already in the works. Apparently, the voter registration database would be accessible only through a closed fibre-optic network. Thus, the state plans to move from open internet access to a private platform, securing it against external threats.
Deitrich stated that if hackers access the database, unprecedented damage will occur. “It’s a phenomenon that can undermine voter confidence,” Deitrich said. With the hackers’ “business model” being quite successful, it is natural that the 2020 elections might see some large changes. Meanwhile, the Wisconsin Elections Commission is also planning to take the necessary steps to improve the state’s online safety capabilities. Spokesperson Reid Magney stated that Wisconsin’s 1,850 municipalities have poor security layers in place.
“Our concern is more that one of those 1,850 municipalities might be hit by a ransomware attack somewhere around the time of an election,” Magney said. As such, the agency plans to fund additional network protection programs to build defence systems for the upcoming elections.
By the end of August 2019, the Department of Homeland Security had sent a warning to all local authorities regarding the security measures they should implement. Thus, it seems that the U.S. is coordinating security improvements to face 2020 with more confidence.
Dentists are within the Ransomware Radar
If anyone thought that local authorities are the main target, the news shows that dentists are within the ransomware radar as well. According to CNN’s findings, about 400 dental practices within the US experienced a ransomware attack that crippled their networks.
On August 27th, two companies from Wisconsin, Percsoft and the Digital Dental Record, announced that their networks had been breached. Through them, a further 400 dental offices were infected, as the ransomware spread through a shared network on Monday morning. The consequences were immediate and severe, as witnessed by Shae Johnson, Clinical Coordinator at Dentistry Design in McFarland.
“We have no access to the patient charts, schedule, x-rays, or payment ledger,” he said. “The doctor cannot do the proper treatment without a chart history and x-rays.” A spokesperson from Digital Dental Record, Brenna Sadler, stated that system restoration is underway. However, doctors cannot receive patients as major services are unavailable.
Most medical staff put in a lot of effort to work around the issue by switching to manual systems. Although some sites indicated that the ransomware came from the Sodinokibi family, company representatives and officials did not confirm any further details regarding the attack. So far, the hackers remain unknown.
Gamers Feel the Ransomware Heat
Recently, gamers have felt the ransomware heat as hackers try out age-old techniques to lure victims. Namely, Fortnite players who wanted to cheat in the massively multiplayer game downloaded a third-party application called SydneyFortnite. Players then had to install it as a desktop client via an .exe file. However, instead of providing cheats, the app would lock down the computer.
In what seems to be a new development, the Syrk ransomware is deployed on victims’ computers. The malware proceeds by deleting several folders in a short period and repeats the process periodically. Victims are pressured to enter the decryption code immediately to stop the onslaught of deleted files.
However, the ransomware comes with a major weakness: the decryption code is located in the folder installed by the application. Thus, players can locate the file containing the encryption password (found in AppData) and stop the ransomware quite easily.
Chinese Hospitals are under Ransomware Fire
Moving away from the U.S., it seems that hospitals in China are under ransomware fire. As reported by the Taipei Times, about 56 hospitals experienced a devastating ransomware attack. As a result, numerous computer systems were locked down. The hospitals involved include ministry-owned organisations, large local hospitals, and several large clinics.
Initiated on August 29th, the ransomware crippled systems by locking files. However, IT departments worked around the clock and forced the malware out of the network within the day. Moreover, no sensitive information was lost during the lockdown. As a result, the hackers’ demands were not met by the hospitals. Almost all healthcare providers managed to get out of the situation by restoring files from backups.
China’s Ministry of Health and Welfare stated that, although the situation was resolved favourably, the question of the hackers’ identities remains. So far, no other information has been provided on the cybercriminals’ demands or the type of ransomware used in the attack.
U.S. Hospitals Not Spared Either
Yet again, we go back to North America, where U.S. hospitals are not spared either. A healthcare provider from Washington state has finally provided details regarding the June ransomware attack. Grays Harbor Community Hospital and Harbor Medical Group were recently the subject of the Daily World’s investigation, and interesting facts came out as a result.
Namely, the hackers demanded a $1 million ransom payment for the release of the decryption code. The ransomware entered the system through a click made by an employee. From there, it locked all files and slowed down the hospitals’ operations significantly. The IT department managed to shut down the server, but the ransomware was already inside the network, where it spread through the system easily.
Moreover, it seems that the backups were infected as well, rendering them useless. Thus, officials decided to scrap the databases and remove the malware manually. It is still unclear whether the hospitals can regain the missing files. Two months in, the public is yet to hear the hospitals’ response regarding the cybersecurity breach.
Dubai Contracting Firm Experiences Ransomware Attack
Even private companies can feel the malware heat, as a Dubai contracting firm experienced a ransomware attack. The contracting firm Dubai Silicon Oasis, based in the U.A.E., saw its computer systems locked after one of its employees clicked on a bait email. Dharma crypto-ransomware is to blame; it locks all files within a network. The hackers made their demands quite clear, asking for $300 worth of Bitcoin.
Mohammad Ibraheem, one of the firm’s employees, expressed his frustration to the local news. “We don’t know what to do and how long this siege will last. We have tried everything, but nothing seems to work. I have spoken to IT experts in the UAE and India but no one has been able to help. All our computers have been rendered useless,” he said.
Ibraheem said that he contacted the hacker and received the ransom demand. In exchange for Bitcoin, the cybercriminals would release the decryption codes that would unlock the company’s system. So far, the organisation has refused to pay and continues to restore its data sets following the devastating ransomware attack.
Several Schools Have Computers Blocked by Ransomware
Educational systems continue to show weaknesses as several schools have had their computers blocked by ransomware attacks. New Kent County Public Schools and the Rockville Centre school district on Long Island, New York, faced challenges after their networks were shut down by malware.
Superintendent Brian J. Nichols from New Kent schools stated that the computers are completely locked. Staff members are forced to take notes and switch to manual systems. To fix the situation, the school hired a cybersecurity expert to unlock the data on the infected computers. Additionally, the FBI is already on the case, trying to uncover who the hackers were. So far, the curriculum continues to function normally, despite the hardships faced after the ransomware attack.
Rockville Centre schools, on the other hand, have succumbed to the ransomware demands. Namely, the school’s management paid $100,000 worth of Bitcoin to get the decryption data and restore their network. Thus, they join a long list of public organisations that could not fix the issue and paid for it.
Canon Cameras are Vulnerable to Ransomware Attacks
On a side note, interesting research results came out in mid-August, pinpointing that Canon cameras are vulnerable to ransomware attacks. Check Point Software Technologies issued a report stating that its researchers had found a way to transfer ransomware onto digital cameras with relative ease. Using the standardised Picture Transfer Protocol (PTP) over a Wi-Fi connection, cameras could be compromised as well.
Moreover, researcher Eyal Itkin found that tourist spots with poor Wi-Fi security are very lucrative for hackers. Cameras hold personal files, such as images and videos, that victims would not give up that easily. To defend against these ransomware mechanisms, smart devices should be used only over a secure Wi-Fi connection.
Our concluding remarks mostly revolve around the importance of online security. Most of the victims in August 2019 were schools and small communities around the world. What connects them is a lack of security systems, which hackers can penetrate quite easily.
Thus, cloud backup services, like the ones provided by the BOBcloud platform, are crucial in keeping your files secure. Regular safety checks and file updates can save you from having to pay for decryption codes, which you may not even receive from the cybercriminals.