Ransomware attacks are growing, yet not a good way to pay

cyber attack

This week, a flourishing number of Ransomware attacks in Georgia, New York, Tennessee and Florida have been reported.

Malware encryption has become rampant lately, with organizations in the public and private sectors like Ryuk, Sodinokibi or Dharma / Phobos targeted.

The players behind these threats do not discern the targets, but Coveware’s statistics show that victims of public sector pay 10-fold more than private companies. The average for Q2 was calculated at $338,700.

Ryuk in Tennessee

On Thursday, Tennessee’s Ryuk confirmed that Collierville’s computer systems had been infected by a strain of ransomware.

The IT department has worked to minimize the impact and isolated several servers affected by the attack, but certain departments have been affected.

According to News Channel 3, this attack took place in the morning and had no effect on emergency services. Later in the day, city officials reported that the Ryuk ransomware strain caused the disruption.

Ransomware hits Florida Community radio Station

WMNF 88.5-FM station in Tampa decided to strengthen its security stance following last month’s Ransomware attack.

The incident happened on 18 June, without affecting sensitive details, but reached a system which stored audio archives for pre-recorded news and public affairs programming promotions or episodes.

Live HD transmission systems were also infected causing radio to show the rock band’s name’ Derek and the Dominos,’ irrespective of the story played, with a digital display.

Although there were no malware encrypted data backups, WMNF decided not to pay the money, reports the Wednesday Tampa Bay Times.

The Florida Law Enforcement Department told the radio, even if they paid cyber criminals, that there is a good chance of losing the data.

In other ransomware incidents in Florida, people in the City of Lake City (paid 42 bits) and Riviera Beach (paid a 65 bitcoin ranke) were able to pay in at least $1 million in Bitcoins after infecting computers.

Ryuk in the New York libraries

Another page in the chronicle of ransomware attacks is in Onondaga County libraries (OCPL), New York, where a Ryuk incident was discovered last Freitag..

The FBI was involved in the research and IT teams worked to restore the systems at the library locations of the County to normal.

The systems were still unavailable on Tuesdays, but today there were signs that cardholders can now access their OverDrive accounts and search the items on a web browser.

Ryuk, also responsible for last week’s attack on Syracuse City District School , according to News Channel 9, appears to be the ransomware strain that is causing the disruption.

Ransomware in Georgia

Another file-encryption-causing incident in Henry County, Georgia, was reported today. The attack occurred in the morning of Wednesday (approx. 3 or 4 am), and this afternoon, the systems were still not working.

The computers downloaded served budgeting and procurement systems and the Department of Planning and Zoning.

The County Public Information Officer Melissa Robinson informed local Henry Herald newsagent that if the current state of affairs persists in the coming couple of days, the Department would have to switch to paper permits.

Robinson did not explain the nature of the incident clearly, but said the FBI was contacted and would assume responsibility in the case of ransomware, if so.

Payment is a short-term solution

Payment can stifle Ransomware by not paying the cost of cybercriminals requesting the decryption tool since it will make the enterprise less profitable for the attacker.

In addition, the demands of the actor on the threat are not resolved in the long term. At the end of the day, the victims will have to accept the financial loss and also invest in a better position to protect them from future types of attacks.

For example, the Riviera Beach attack ended when the city paid about $600,000 for decryption keys to the hackers and invested nearly $1 million in new computers and hardware to reconstruct their IT network.

Most cyber-attacks are possible by exploiting previously reported and addressed vulnerabilities, which reduce the chances of an attack by installing the latest security update.

It is also necessary to note that projects like No More Ransom provide free decryption of different versions of several ransomware families.

On the defense side, organizations need to make sure that the right backup system for files is running periodically and isolated from the main network.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.