Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security //


08:05 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now

Ransomware Attacks Target Public & Government Orgs With More Frequency, Ferocity

For a while, ransomware attacks, and the actors behind them, targeted businesses and private enterprises. Now, since the start of 2018, it's increasingly a public affair.

Anupam Sahai, the vice president of product management at Cavirin, which makes compliance and risk management tools for hybrid clouds, noted in an email that ports are one of 16 different critical infrastructures listed by the US Department of Homeland Security.

An attack against a port could be a test run of a bigger attack that is being planned.

"A compromised port facility may also provide easier entry for nuclear, biological, or chemical agents to be used in future physical attacks," Sahai wrote.

Better prepared
What complicates ransomware attacks on public institutions, besides the underlying motive, is the whole notion of money -- specifically, that government institutions lack the cash to pay ransoms or have strict rules prohibiting such action.

Many of these agencies and organization also lack the cybersecurity skills to fight off, or at least recover from, a ransomware attack.

Port of Barcelona\r\n(Source: iStock)\r\n\r\n\r\n\r\n\r\n
Port of Barcelona
\r\n(Source: iStock)\r\n\r\n\r\n\r\n\r\n

Ovum's Turner notes that the NHS knew it had systems that needed patching, but the IT and security staffs could not find the time or resources to conduct all the proper maintenance of its IT infrastructure. He noted:

Add to that the fact that some ransomware attacks such as WannaCry exploit common, well-known and well-documented vulnerabilities that should have been patched months beforehand, but which IT departments in places such as the UK's National Health Service were unable to patch across their entire infrastructure because they couldn't find the right moment to take down vital assets to perform the update. This makes for a perfect storm of "operationally justifiable vulnerability" that ransomware attacks can exploit at their leisure.

Still, state and local governments, along with other public agencies, need to take the security steps that they can, which includes developing a multi-layer program that can stop malware and other intrusion from coming onto the network to start, said Darius Goodall, pirector of product marketing at Barracuda Networks, who has worked with Miami, Oklahoma City and others on cybersecurity prevention.

While prevention is the key, Goodall concedes that ransomware can still get through. In that case, government agencies need specific backup plans to get systems restored and to ensure that services continue for the public.

"If data backup is not in place, there are a few steps one can take. First, find out what type of ransomware it is, e.g. encryption, screen-locking, etc., from there you can see if you're still able to access files, especially from another location like a mobile device. If so, then the ransomware is likely fake," Goodall wrote in an email.

"If it's encryption or screen-locking, disconnect from your network and use anti-malware or antivirus software to clean the ransomware and use a data recovery tool to help find those deleted files that are often trashed once ransomware encrypts new copies," he added.

Goodall adds that he never recommends any cyber attack victim negotiate with threat actors, but he understands the temptation of doing so. Instead, as the clich goes, the best offense is a good defense.

"The real challenge many organizations face is implementing the security measures necessary to prevent your organization from ever finding itself in the position in the first place," Goodall wrote.

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-10-19
Truncated L2CAP K-frame causes assertion failure. Zephyr versions >= 2.4.0, >= v.2.50 contain Improper Handling of Length Parameter Inconsistency (CWE-130), Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-...
PUBLISHED: 2021-10-19
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp
PUBLISHED: 2021-10-19
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is c...
PUBLISHED: 2021-10-19
In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing subscriber access and a subscriber is logged in and then requests to logout, the subscriber may be fo...
PUBLISHED: 2021-10-19
An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these pac...