Ransomware (ransomware) is showing signs of explosion worldwide, paying is no longer the most effective option.
A series of ransomware attacks have been reported in the past week, seriously affecting many US computer systems, including Georgia, New York, Tennessee and Florida. Along with that is the news of the global damage caused by ransomware, which is also increasing rapidly, making this form of ransom attack no longer simply a matter of security. security, but also become a threat, directly affecting many other areas of life.
File encryption malware has, is, and will continue to grow wildly in the near future. Recently, after Wannacry, GandCrab officially stopped working, other dangerous names almost immediately appeared and replaced, with even more sophisticated tricks, including Ryuk and Sodinokibi. Dharma / Phobos or even Shade . These malware not only target businesses like tradition, but also tend to cause more damage to individual systems.
Ransomware is a form of ransom data encryption attack
The agents behind the above threats have absolutely no distinction between the objectives. However, statistics from Coveware, a company famous in the area of ransomware incident response, show that victims from public areas (owned by the state) often pay data ransom. 10 times higher than private companies. Specifically, the average for the second quarter of this year is 338,700 USD (in the US alone).
Check out some of the notable ransom attacks that took place recently in some US states to better understand the situation and the trend of this form of malicious attack.
- Shade ransomware, the nightmare of 5 years ago is showing signs of returning
Ransomware and coping options
- Ryuk ransomware raged in Tennessee
- Ransomware attacks radio centers in Florida
- Ryuk ransomware attacked the New York library
- Ransomware swept the state of Georgia
- Paying the ransom is just a temporary solution
Ryuk ransomware raged in Tennessee
On July 18, officials Collierville, a town in Shelby, Tennessee, USA, confirmed that many computer systems of public agencies in the town were infected with a strain. Ransomware uncomfortable.
Collierville's IT management department has attempted to minimize the impact of malicious code, while also isolating some of the servers that were attacked. However, some services (licenses, public record requests and business services) have been seriously affected.
According to News Channel 3, the attack occurred in the morning and did not affect emergency services. The investigation was immediately conducted and according to reports, the ransomware strain behind this incident was Ryuk - a name that has been obsessed over the past few months.
- Ryuk Ransomware added "selective" encryption capabilities.
Ransomware attacks radio centers in Florida
The computer system of WMNF 88.5-FM community radio station in Tampa, Florida, was enhanced at the highest level of security after an alarming ransomware attack occurred in the middle of last month.
The computer system of the WMNF community radio station is infected with ransomware
Specifically, the incident took place on June 18 last and did not seriously affect any sensitive data. However, the malware has access to an audio document storage system dedicated to advertising, news and work programs that have been recorded in advance.
Live broadcast broadcast systems have also been infected with malicious code, causing problems that seriously affect the broadcast schedule of the station, especially some planned or pre-programmed programs (WMNF 88.5 -FM will have to compensate). Economic damage is certain.
The Tampa Bay Times report said that although it does not own a backup for data that has been encrypted by malware, WMNF has decided not to pay the ransom. The reason given by Florida Law Enforcement Agency warned WMNF that the possibility of data loss could still occur even if they paid the ransom to the attackers.
In another remarkable news, the WMNF case was not the only case of ransomware in Florida in June. Before long, cyber criminals were thought to have pocketed at least $ 1 million (bitcoin) after successfully infecting malicious code into computer systems in Lake City (paid 42 cents). and at Riviera Beach (paid 65 bit of data ransom).
- After WannaCry, Petya's "blackmail" malicious code is raging, this is a way to overcome and prevent it
Ryuk ransomware attacked the New York library
Another notable name joined Ryuk ransomware's victim list this year. Accordingly, this malicious code was found in nearly all computer systems of the Onondaga County (OCPL) libraries, New York, last Friday. Makes the operation of these libraries completely paralyzed.
The computer system of libraries in Onondaga County stopped working completely
The FBI quickly joined the incident, sending IT investigation teams to collect data and restore the majority of computer systems in these libraries.
As of yesterday, July 21, OCPL said their online system has started to return to normal operation. Library members can now access the OverDrive account and check items with a web browser.
OCPL did not disclose whether they paid the ransom to get back the data or the FBI did it. However, according to experts, it is likely that OCPL must accept to pay a large amount of money because the digital archives in these libraries are very valuable.
In a related move, Ryuk was also the ransomware strain responsible for the attack on the New York City School District of Onondaga County last week. Makes learning and teaching locally paralyzed.
- Cr1ptT0r Ransomware spreads on D-Link NAS devices, targeting embedded systems
Ransomware swept the state of Georgia
Georgia is also one of the most vulnerable sub-groups from ransom data encryption attacks that are raging across the United States as well as in many other countries around the world since early 2019 to date. .
According to the latest information from Henry County, Georgia officials, the county's public computer system has been completely encrypted. The attack took place on Wednesday morning (around 3 or 4 am) and computer systems were still unable to function until yesterday afternoon, July 21.
The malicious code was crippled for the Henry County administrative network
More dangerous, the majority of encrypted computer systems are being used in a number of essential areas such as budget management, spending, management and administrative plans. Thus, the encrypted data is quite valuable and it is likely that local authorities will accept ransom payments in the future.
Melissa Robinson, public information officer of Henry County told local news agency that some of the county's departments and agencies would have to move to moderation, only working on normal paperwork if the current situation still exists. continue. This person did not clearly explain the nature of the case but stated that the FBI had actively contacted Henry County and they would take over the local computer system if necessary.
- New ransomware detection not only encrypts files but also helps 'clean up' the system
Paying the ransom is just a temporary solution
Ransomware has been and will continue to be a serious threat to computer systems worldwide. However, this malicious code can also be easily suppressed and coped if the victim owns a backup plan in full for his or her data system, and it is important not to accept the ransom, Because as we know, the ultimate purpose of ransomware is to make the victim hook. Without paying the data ransom means that the source of the malicious code is cut off, the attacker will not be able to collect illegal profits.
More remarkably, paying for the key to decrypt the data is just a temporary solution in case the data is encrypted too important, or the paralyzed system causes too much damage, but cannot help solve the root problem in the long run. On the other hand, paying a ransom can also be seen as an act of encouraging the attackers to continue to push for profit through their illegal acts.
- [Infographic] 7 effective ways to protect businesses from Ransomware
Paying data ransom is just a temporary solution, not of long-term value
Even after paying the data ransom, the general scenario that the victim will have to accept is financial loss and an investment in a better security system to protect themselves from other attacks in future.
Such is the case in Riviera Beach, Florida, USA. The ransomware attack on the city's computer system ended with local authorities accepting a huge amount of money, amounting to about $ 600,000 to get decrypted key words. They continue to invest nearly $ 1 million more in consolidating computer systems and upgrading new hardware pages to provide better security in the future.
In fact, most network attacks can be successfully deployed by exploiting reported but unresolved vulnerabilities, so installing the latest security updates will help Significantly reduce the possibility of attack. This is also the most effective and inexpensive defense measure.
In addition, it should be noted that there are projects and organizations specializing in extortion code like No More Ransom that can provide you with a free decryption key for many different versions of some ransomware strains. known.
Another project called ID Ransomware specializes in ransomware identification solutions for businesses by checking ransom notes or an encrypted file. For problems involving several popular ransomware strains such as Ryuk, Emisoft can support decoding files in 3% to 5% of recorded cases. Simultaneously, Ransomware ID can also help determine the effectiveness of decoding options according to each specific malicious code.
- Overview of building enterprise security detection and response system
In terms of security as well as network security, organizations, businesses, and even individuals should make sure to keep an appropriate data backup plan, updated and changed regularly according to the activity. The reality of the system, and above all, it must be isolated from the main network.
Ransomware is a frightening form of cyber attack, but it's no big deal if you have a tightly built security system, as well as a logical data backup plan. Building such a system is not too difficult.
You should read it
- Ryuk Ransomware has added 'selective' encryption capabilities.
- Mexico's largest oil and gas corporation has been attacked by ransomware, presenting a cyber security disaster
- Even DSLR cameras can be easily attacked by ransomware
- PureLocker - a very 'weird' ransomware strain that can encrypt servers
- STOP - Ransomware is the most active in the Internet but rarely talked about
- Shade ransomware, the nightmare of 5 years ago is showing signs of returning
- Ransomware can encrypt cloud data
- No More Ransom - the flag of the war against ransomware
- What is Ransomware Ryuk? How to prevent it?
- Warning: These 3 dangerous ransomware could explode all over the world, 1800 large enterprises were 'shot'.
- Forecast 2021: The world of security will be devastated by ransomware '
- Lukitus Guide to preventing extortion malicious code
Maybe you are interested
Dangerous 'Helldown' Ransomware Warning Expands to Linux and VMware
Detecting a new ransomware strain that specializes in stealing login information from the Chrome browser
What is extortionware? How is it different from Ransomware?
New ransomware appears attacking Windows operating system
Difference between Cyber Extortion and Ransomware
How to enable ransomware restrictions on Windows