Ransomware Attacks Growing in Power: September 2019 Report
Ransomware attacks are growing in power and number, sparing no one in the process. Governmental entities, schools, hospitals, and disability service providers all felt the heat of having their data encrypted. Few organisations responded with ready-made backups and were spared the pain. However, those that could not afford a prolonged system lockdown were forced to pay the hackers’ demands. Here is a list of September’s ransomware news, showing just how devastating these attacks can be.
Texas Recovery from Ransomware Attack Slow but Steady
Judging from the latest reports, Texas’s recovery from a ransomware attack is slow but steady. After the attack occurred last month, 22 counties immediately deployed specialised cyber teams to battle the malware. So far, most cities have restored their systems, while a few still need to finalise the construction of new systems. Moreover, information sharing between districts proved to be of immense value, since the ransomware attack is suspected to be the work of one group.
By applying backups and other restoration tools, Texas state organisations were in a position to withstand the attack. As a result, all 22 counties refused to meet the hackers’ cumulative $2.5 million demand. With systems functioning at an adequate level a week after the incident, municipalities felt no need to succumb to the cybercriminals’ blackmail. Thus, Texas counties avoided the public outrage that other entities faced when paying hackers for decryption codes.
The Texas Department of Information Resources (DIR), however, has admitted that the damage is not small. Most of the administration switched to manual work, as email and phone systems were out. However, it seems that authorities were well prepared this time, having learned from Baltimore’s disaster. To prevent any future data loss, DIR advised counties and other agencies to block Tor exit nodes and Pastebin.
Another Texas County Attacked through Ransomware
Just as everyone thought that Texas counties would catch a breather, the Travis County Appraisal District informed the public that its defences had been penetrated by ransomware. On September 11th, local authorities detected a system shutdown, prompting a response from the agency’s IT department. Luckily, however, appraisals and customer service requests remained safe.
Chief Appraiser Marya Crigler told the local news that the culprits are yet to be found. “While the District cannot say what variant of ransomware the other local government entities were infected with, the two incidents are similar in that they are both ransomware attacks on local government entities.”
So far, there are no indications that the massive August attacks bear any connection to the Travis County incident. In both cases, hackers demanded a ransom payment for decryption keys. Luckily, in both cases, authorities refused to comply.
Massachusetts City Says NO to Ransomware Hackers
Perhaps inspired by their colleagues from Texas, a Massachusetts city gave a clear no to ransomware hackers. Another factor that had a large impact on the town’s decision might be the overall value of the cybercriminals’ demands. According to New Bedford’s official press release, the ransomware attackers wanted $5.3 million for the decryption of the county’s computer system. If paid, the amount would be the biggest (publicly known) ever paid to hackers.
Authorities weighed all options and made a decision to stick to backups and the recreation of the system. With a population of a little less than 100,000 people, town representatives are quite aware of the work that needs to be done. Mayor Jon Mitchell mentioned in the press conference that staff did not immediately understand that the city had been deliberately attacked. However, it was soon clear that Ryuk ransomware had penetrated its cyber defences.
Nevertheless, authorities managed to respond quickly and protect vitally important data from the attackers. “The city’s MIS department has now completely rebuilt the city’s server network, restored most software applications, and replaced all of the computer workstations that were found to be affected,” the Mayor said. Since only 4% of the entire computer network was affected, civil services went on undisrupted.
The attack was not the first one New Bedford management had to face. In July, a similar incident occurred, when ransomware attacked the system before the start of working hours. Armed with experience, city authorities were prepared, applying backups and several other security layers.
Year Later, Irish Government Admits Ransomware Breach
In a somewhat surprising move, the Irish government decided to admit a ransomware breach a year after it occurred. The Times covered the parliamentary debate in which the government’s cybersecurity capabilities became the focus of the discussion. Minister Richard Bruton, representing the Department of Communications, Climate Action, and the Environment, admitted that the governmental agency had to deal with a ransomware attack.
Fianna Fail spokesman Jack Chambers raised concerns regarding the authorities’ ability to cope with modern malware threats. In response, Mr Bruton admitted the incident, stating that the threat was dealt with efficiently. However, the department’s head did not provide details regarding the ransomware type or the severity of the incident. Interestingly, Minister Bruton mentioned that the ransomware penetrated defences in 2018, more than a year before the parliamentary discussion.
As a result, Mr Chambers noted the lack of transparency from the governmental officials, calling it a “backward approach” to solving modern cybersecurity threats. “It is alarming that this has raised no red flag or received further in-depth security input,” he stated. “Cyber-security and defence continues to be viewed as an IT management issue, when it should be a strategic security and defence component for the Irish state.”
Plymouth School Newest Ransomware Victim
A Plymouth school became the newest ransomware victim as hackers continuously show a lack of human concern. The victim this time is Hele’s School in Seymour Road, as revealed by Principal Justine Mason to the local online news. The news came one week after the start of the autumn semester. The school representative warned the community that although swift action was taken, summer GCSE and A-Level coursework data may have been lost.
In the open letter, the Principal stated that “…the full implication of this incident will not be completely known until we have been able to review with individual students what work can still be accessed.” On the other hand, the fast response to the threat did ensure the safety of all other data sets. At the same time, students who are affected by the attack will receive individual support from the educational institution.
Hele’s School filed a report with the UK’s Devon and Cornwall Police, hoping that investigations will uncover the culprits. Although the damage was minimal considering the implications of the attack, all documents created before May 1st are lost. It is not yet known whether the hackers revealed their demands, but one thing is certain: Hele’s School will go onwards and continue to provide education to its pupils.
Entities Give in to the Hackers’ Demands
Although many entities showed resilience lately, there are situations in which organisations give in to the hackers’ demands. The first to feel the heat is Stratford City, which saw its servers isolated from the internet and its data sets locked by an encryption code. The situation was at a dead end, even when Deloitte joined the restoration effort. At the same time, IT teams acknowledged that all files, although locked, were not permanently lost.
Perhaps encouraged by the availability of all online assets, government officials entered talks with the ransomware attackers. Two weeks later, in April this year, all systems were online and functional. However, the cost of the “victory” was a payment of 10 Bitcoins (about $75,000 value at the time), as local news reporters found out in September. Stratford City has since upgraded its security systems with the help of Deloitte.
Another entity faced a similar dilemma when its defences were penetrated by ransomware. A family service from Texas, Rowlett, saw data from 1,751 patients locked by the malware. Sensitive data that were in jeopardy included personal details such as addresses, dates of birth, Social Security numbers, insurance and other medical information. What makes this particular attack even worse is that the family business handles health services for individuals with disabilities.
With a lot at stake, the management of the organisation decided to pay the hackers in order to receive the decryption code. So far, the amount that was paid is not known and the culprits are yet to be identified.
Schools under Ransomware Siege
Apart from the Plymouth school, educational institutions elsewhere around the globe face much the same ransomware siege. New York-based Monroe-Woodbury Central School District and Souderton Area School District are the two latest victims that paid the price for lacklustre cyber defences. Monroe-Woodbury school’s management informed parents that, due to the systems lockdown, the organisation would hold an unplanned “Superintendent’s Conference Day.”
The ransomware attack was severe enough to delay the start of lessons at the beginning of September. However, due to the existence of server backups, the school’s computer networks were back online within the following week.
Souderton Area Schools, on the other hand, were in a worse situation, as the system lockdown lasted longer. The ransomware attack also occurred at the beginning of the school year, perhaps indicating that hackers target schools at this specific time.
Luckily, Souderton Schools acknowledged that data sets remained safe, as stated by Frank Gallagher, the Superintendent of Schools. Personal and financial information of pupils and their parents was kept within an offline environment, and thus safe from online threats. In both attacks, the hackers remained hidden from public view, with police authorities trying to uncover the culprits.
Ransomware Jeopardises Data of 320 Thousand Patients
On September 11th, ransomware successfully jeopardised about 320 thousand patients’ details held by Premier Family Medical. The Utah-based health services provider notified all of its customers that the ransomware attack had crippled the system. According to the official statement by the organisation, files remain intact even though they are locked behind the encryption code.
At the same time, the IT department is working closely with local police authorities. However, it is not known whether the medical entity employed backups or any other tools that would bring the network back up. The only known detail is that the system was back online shortly after the temporary closure. Thus, it is also not known whether the hackers made demands, or of what value.
Radio Broadcaster Targeted by Ransomware
In a peculiar turn of events, a local radio broadcaster, Entercom, was targeted by ransomware. The Philadelphia-based radio conglomerate Entercom Communications notified its staff members that the network was under siege. In the meantime, the hackers made it clear to the broadcaster’s management that decryption codes were available at a moment’s notice, but with a price tag of $500,000. Staff members were asked neither to access the domain nor to provide any details to external parties.
With the IT department working closely with law enforcement, the company made it clear (after the info leak) that the cybercriminals’ demands would not be met. The owner of 235 radio stations across the U.S. implemented backups right away, restoring the network within a few days of the incident.
With operations continuing unhindered by the attack, the company felt no need to succumb to the attackers’ demands. So far, the hackers remain anonymous to the general public, as police officials are still investigating their whereabouts.
Airbus Sees Defences Broken by Ransomware
Aircraft manufacturer Airbus saw its defences broken by a ransomware attack in September. If you thought that smaller firms are the ones that get all the unwanted attention, Airbus stands to correct you. Moreover, the company has already experienced a series of malware attacks this year, as have its competitors.
The European enterprise is a juicy target for hackers, since the data sets held by the company are quite sensitive. The firm operates as one of the military suppliers, making the information within its systems quite valuable. The company’s representatives are yet to confirm these attacks and how large the damages really are.
Keep Your Systems Safe – Use Cloud Backups
As seen from the reports we collected for you, whether you are a business owner or a single computer user, you should keep your systems safe. Cloud backups help protect networks and computers from ransomware attacks, especially at times when data sets are locked behind encryption. The BOBcloud platform provides unique solutions in this respect and can help organisations fend off online threats.