Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security //

Ransomware

10/22/2018
08:05 AM
Scott Ferguson
Scott Ferguson
News Analysis-Security Now
50%
50%

Ransomware Attacks Target Public & Government Orgs With More Frequency, Ferocity

For a while, ransomware attacks, and the actors behind them, targeted businesses and private enterprises. Now, since the start of 2018, it's increasingly a public affair.

Anupam Sahai, the vice president of product management at Cavirin, which makes compliance and risk management tools for hybrid clouds, noted in an email that ports are one of 16 different critical infrastructures listed by the US Department of Homeland Security.

An attack against a port could be a test run of a bigger attack that is being planned.

"A compromised port facility may also provide easier entry for nuclear, biological, or chemical agents to be used in future physical attacks," Sahai wrote.

Better prepared
What complicates ransomware attacks on public institutions, besides the underlying motive, is the whole notion of money -- specifically, that government institutions lack the cash to pay ransoms or have strict rules prohibiting such action.

Many of these agencies and organization also lack the cybersecurity skills to fight off, or at least recover from, a ransomware attack.

Port of Barcelona\r\n(Source: iStock)\r\n\r\n\r\n\r\n\r\n
Port of Barcelona
\r\n(Source: iStock)\r\n\r\n\r\n\r\n\r\n

Ovum's Turner notes that the NHS knew it had systems that needed patching, but the IT and security staffs could not find the time or resources to conduct all the proper maintenance of its IT infrastructure. He noted:

Add to that the fact that some ransomware attacks such as WannaCry exploit common, well-known and well-documented vulnerabilities that should have been patched months beforehand, but which IT departments in places such as the UK's National Health Service were unable to patch across their entire infrastructure because they couldn't find the right moment to take down vital assets to perform the update. This makes for a perfect storm of "operationally justifiable vulnerability" that ransomware attacks can exploit at their leisure.

Still, state and local governments, along with other public agencies, need to take the security steps that they can, which includes developing a multi-layer program that can stop malware and other intrusion from coming onto the network to start, said Darius Goodall, pirector of product marketing at Barracuda Networks, who has worked with Miami, Oklahoma City and others on cybersecurity prevention.

While prevention is the key, Goodall concedes that ransomware can still get through. In that case, government agencies need specific backup plans to get systems restored and to ensure that services continue for the public.

"If data backup is not in place, there are a few steps one can take. First, find out what type of ransomware it is, e.g. encryption, screen-locking, etc., from there you can see if you're still able to access files, especially from another location like a mobile device. If so, then the ransomware is likely fake," Goodall wrote in an email.

"If it's encryption or screen-locking, disconnect from your network and use anti-malware or antivirus software to clean the ransomware and use a data recovery tool to help find those deleted files that are often trashed once ransomware encrypts new copies," he added.

Goodall adds that he never recommends any cyber attack victim negotiate with threat actors, but he understands the temptation of doing so. Instead, as the clich goes, the best offense is a good defense.

"The real challenge many organizations face is implementing the security measures necessary to prevent your organization from ever finding itself in the position in the first place," Goodall wrote.

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33035
PUBLISHED: 2021-09-23
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the all...
CVE-2021-34767
PUBLISHED: 2021-09-23
A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that V...
CVE-2021-34768
PUBLISHED: 2021-09-23
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected dev...
CVE-2021-34769
PUBLISHED: 2021-09-23
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected dev...
CVE-2021-34770
PUBLISHED: 2021-09-23
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a deni...