08:05 AM
Scott Ferguson
News Analysis-Security Now

Ransomware Attacks Target Public & Government Orgs With More Frequency, Ferocity

For a while, ransomware attacks, and the actors behind them, targeted businesses and private enterprises. Now, since the start of 2018, it's increasingly a public affair.

Anupam Sahai, the vice president of product management at Cavirin, which makes compliance and risk management tools for hybrid clouds, noted in an email that ports are one of 16 different critical infrastructures listed by the US Department of Homeland Security.

An attack against a port could be a test run of a bigger attack that is being planned.

"A compromised port facility may also provide easier entry for nuclear, biological, or chemical agents to be used in future physical attacks," Sahai wrote.

Better prepared
What complicates ransomware attacks on public institutions, besides the underlying motive, is the whole notion of money -- specifically, that government institutions lack the cash to pay ransoms or have strict rules prohibiting such action.

Many of these agencies and organizations also lack the cybersecurity skills to fight off, or at least recover from, a ransomware attack.

Port of Barcelona (Source: iStock)

Ovum's Turner notes that the NHS knew it had systems that needed patching, but the IT and security staffs could not find the time or resources to conduct all the proper maintenance of its IT infrastructure. He noted:

Add to that the fact that some ransomware attacks such as WannaCry exploit common, well-known and well-documented vulnerabilities that should have been patched months beforehand, but which IT departments in places such as the UK's National Health Service were unable to patch across their entire infrastructure because they couldn't find the right moment to take down vital assets to perform the update. This makes for a perfect storm of "operationally justifiable vulnerability" that ransomware attacks can exploit at their leisure.

Still, state and local governments, along with other public agencies, need to take the security steps that they can, which include developing a multi-layer program that can stop malware and other intrusions from getting onto the network in the first place, said Darius Goodall, director of product marketing at Barracuda Networks, who has worked with Miami, Oklahoma City and others on cybersecurity prevention.

While prevention is the key, Goodall concedes that ransomware can still get through. In that case, government agencies need specific backup plans to get systems restored and to ensure that services continue for the public.

"If data backup is not in place, there are a few steps one can take. First, find out what type of ransomware it is, e.g. encryption, screen-locking, etc., from there you can see if you're still able to access files, especially from another location like a mobile device. If so, then the ransomware is likely fake," Goodall wrote in an email.

"If it's encryption or screen-locking, disconnect from your network and use anti-malware or antivirus software to clean the ransomware and use a data recovery tool to help find those deleted files that are often trashed once ransomware encrypts new copies," he added.

Goodall adds that he never recommends that any cyber attack victim negotiate with threat actors, but he understands the temptation of doing so. Instead, as the cliché goes, the best offense is a good defense.

"The real challenge many organizations face is implementing the security measures necessary to prevent your organization from ever finding itself in the position in the first place," Goodall wrote.

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.
