
Ransomware Creates Prolonged Issues for State Organisations in US and Canada

April 25, 2019

In April 2019 several ransomware attacks shut down state-owned organisations’ servers for weeks. Stuart City, Greenville, and Algoma Public Health authorities are still trying to decrypt their files.

City officials are collaborating closely with police representatives, but decryption takes a long time to finalise. In most cases, criminals demand a ransom for a decryption code. Authorities have yet to release the exact amounts that the cybercriminals want. According to news reports, Stuart City Council succeeded in reopening its servers, while Greenville City's computers are still locked.

 

Phishing Email to Blame for Stuart’s City Hall Ransomware Attack

With a ransomware attack confirmed on Wednesday, April 17th, Stuart City authorities are still dealing with the damage. As reported by TCPalm, the computer virus dealt a blow to the city’s servers, which remained switched off until the weekend. However, according to City Manager David Dyess, the IT department managed to restore several vital services. These include payroll, utilities, budgeting, and other functions.

Addressing the issue, Dyess claimed that one of the computers is continuously spreading the virus. “We found a computer that would re-infect itself after we cleaned it and we’re believing that is our primary culprit.”

So far, findings suggest that the ransomware did not use “brute force.” Instead, suspicions point to the Ryuk virus, delivered through a phishing email possibly clicked on by one of the employees, as the main culprit.

“It’s on a regular desktop computer that doesn’t have outside connectivity. So, more than likely it’s going to be a phishing email-type scam, where it’s like ‘click on this email.’”

The FBI is already involved in the case, since the hackers had a clear goal of extorting funds from the organisation. According to the City Manager, the cybercriminals demanded bitcoins in exchange for network decryption. Representatives did not provide the exact amount that the hackers wanted.

However, city management refused to meet the ransom demands and is cooperating with law enforcement to uncover the culprits. So far, the encrypted files are nowhere near being freed. Although authorities did succeed in restoring vital functions, email service is still down. Dyess stated: “We are moving forward, probably I would say another week or week and a half we should be back in service.”

 

Greenville City Still Suffering

Similarly, the City of Greenville is still in the midst of recovering its encrypted files. According to NewsChannel 12, the attack occurred at the beginning of April. Criminals demanded a ransom for a decryption code, with the city’s response remaining unknown to the public. So far, about 750 computers remain locked by a virus called RobbinHood.

Greenville Mayor PJ Connelly said that vital services are operational even though most of the city’s computers are infected with the virus. “I can tell you my email is up and running today,” Connelly said. “I’m very fortunate, so we’re getting back and communicating with the public.” Personal information is not compromised, even though the website is not functioning.

 

Canadian Public Health Organisation Hit by Ransomware

According to Algoma Public Health’s (APH) statement on April 23rd, 2019, the organisation experienced a ransomware attack. Employees had no access to APH servers since early morning. The medical officer of health, Dr Marlene Spruyt, stated that no personal information was stolen so far. Both employees’ and customers’ data are intact, with the IT department working around the clock to bring servers back up. APH’s representative concluded:

“As we continue to get all our services back online, all appointments at all offices are cancelled for Tuesday, April 23, 2019. We apologize for the inconvenience. As more information becomes available, we will release it.”

 

Importance of Safety Measures

With ransomware issues lasting for weeks, state organisations are hard-pressed to provide vital services. A backup of the system could therefore prove immensely helpful in such situations. In all three cases, decrypting the files proved to be a difficult task. Even with the support of law enforcement, Stuart City, Greenville, and Algoma Public Health face weeks of server shutdown.

Backing up files to the cloud or onto hardware in a separate location from the source device(s) will protect data from ransomware attacks. This strategy will allow users to quickly recover lost files and restart their services. Platforms that provide such services, such as BOBcloud, are readily available for both individuals and large organisations.

BOBcloud.net
The Old Sorting Office, Corsham, Wiltshire SN13 9AA
Tel: 0800 907 8238