Cybersecurity and Ransomware

Ransomware is no joke

by Charles Parker, II

Ransomware is an epidemic. Incidents of these have increased over the last year, occurring too many times across nearly every industry. There have been instances with medical facility’s patient’s data being encrypted, directly affecting patient care, and other patient and administrative effects. Law firms have likewise been targeted due to their client files.

Another industry targeted by the adversaries has been municipalities. These are troubled by budget issues, renewal processes, rising costs, acquiring and keeping sufficient and experienced staff, etc. With all these issues, it’s easy to see how security may not receive the attention or budget (until there is a breach!). A major breach which still rings true was with Genesee County and recently the city of Flint, both in Michigan.

There has been a new successful, significant attack against a municipality. The unlucky target in this case was Jackson County, Missouri. The offices were closed for an extended period. This drastic action was taken after county employees detected significant disruptions in the county’s IT systems. Fortunately, not every system was affected. The affected systems were significant and affected not only the county’s systems but also those services used by its citizens. The affected systems impacted included tax payments, online property, marriage licenses, and inmate searches.

As part of the game plan, presuming they also had an incident response (IR) plan in place, was to contact law enforcement agencies and contracted with security firm(s) to investigate and do the forensic work.

A side note is the county executive stated the county may see a significant budgetary impact and the county emergency fund may not be able to absorb the expense. Let that sink in. If this was a successful phishing campaign, it only took one person clicking or if it wasn’t, a configuration error in the perimeter to allow someone in to remove a county’s emergency fund.

More to the point, everyone and every organization is a target. If there is data or an operational criticality (e.g., a hospital), there is a reason for being targeted. When the target does not have viable, tested, and recent back-ups, the admins and leadership are simply setting themselves up for a bad day, or RGE (i.e., resume generating event). Having back-ups reduces the effort and resource allocation in recovery from a successful ransomware attack. While this sounds obvious, there are still too many companies that just check the box that they have back-ups without verifying they are workable.

About the Author-

Charles Parker II has been working in the info sec field for over a decade, in the banking, medical, automotive, and staffing industries. Charles has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.