Ransomware attacks are increasing at an alarming rate around the world. The U.S. government estimates that companies are subject to more than 4,000 attacks each day, resulting in $1 billion in ransom paid each year. The most recent case comes from Orleans, USA. The city noticed phishing attempts and suspicious activity, which eventually resulted in a ‘cybersecurity incident’ that forced it to shut down servers and city computers as a precaution to prevent the attack from spreading any further.

The incident is being investigated by the city with assistance from the Louisiana State Police, Louisiana National Guard, the FBI and Secret Service of the United States, according to the tweets posted on the internet.

Although these attacks resemble other cyber-attacks in how they enter a network and propagate, the threats they pose for businesses and individuals are often magnified.

In addition to loss of revenue, a ransomware attack prompts legal challenges and, in some cases, even national security concerns, along with the need to decide whether to pay the ransom to restore access to business systems and data. With recent attacks having crippled operations in cities and businesses worldwide, leaders of both public and private organizations are increasingly focused on identifying and addressing their own potential vulnerabilities.

While ransomware attacks come in many variants – Cryptowall, Locky and Cryptolocker are among the most common – they each follow a similar pattern. A user receives an email with an attachment that looks like a Word document, an invoice, a package notice or a fax report, along with a message that convinces the user the attachment is real. When the attachment is opened, the ransomware virus runs a file that encrypts files and documents on the user’s computer. The user receives a message stating that they can get the encryption key and regain access to their files only by paying a ransom.

The rise in ransomware attacks is now a major concern for departments and agencies worldwide, but parts of the US in particular are being attacked.

In September 2019, nearly 22 Texas municipalities, in mostly rural areas, were hit with a ransomware attack that crippled key city services such as payment processing operations and the printing of identity documents. An individual threat actor was believed to be behind the attack that locked up the agencies of nearly two dozen small cities and towns in Texas.

Across these continued cyber attacks, one thing stands out as common in the ‘modus operandi’: the cybercriminals only want to target small towns.

Pensacola, Florida and Jackson County, Georgia are just a few examples of the near-constant stream of ransomware attacks over the past year. Louisiana state government was attacked in November, prompting officials to deactivate government websites and other digital services and causing the governor to declare a state of emergency. It was the state’s second declaration related to a ransomware attack in less than six months. Governments and local authorities are particularly vulnerable as they’re often underfunded and un-resourced, and unable to protect their systems from some of the major threats.

Why are hackers suddenly interested in Main Street versus Wall Street? It seems that the hackers are trying to take advantage of the vulnerability of small towns. Small government entities mostly host services critical to everyday life in those areas: court records, real estate transactions, utility bills, and emergency services.

Other targeted services, like 911 phone systems, police, or emergency rooms, sit at the center of the dilemma of whether to pay off the criminals quickly or work to thwart their efforts with technology. Many small government entities lack sophisticated cyber-controls and may not have dedicated IT resources on standby. Others rely on local contractors who are on call for “break-fix” type support but are incapable of responding to sophisticated cyberattacks.

Why cryptocurrency?

The most curious question in all these ransomware incidents is why these attackers favour the use of Bitcoin.

Coin Center director of research Peter Van Valkenburgh made a statement on this question, saying: “The efficiency of the network is what criminals are really using it for here. It’s electronic cash, so it’s easy to write software that can automatically demand payment and automatically demand that payment has been made.”

With Bitcoin being fast, reliable and verifiable, the preference is obvious.

The hackers can simply watch the public blockchain to know if and when a victim has paid the ransom; they can even make a unique payment address for each victim and automate the process of unlocking their files upon a confirmed bitcoin transaction to that unique address. The truth is that criminals have, as usual, very strict design parameters for the tools they use because there’s no tech-support, contract, or legal recourse for a criminal whose tools fail to perform as they should. Criminals are using Bitcoins in this case because it’s a reliable system that just works. Ransomware hackers are rather like the proverbial rumrunners of prohibition: they like fast custom cars because almost everyone else is still driving a Model T.

Converting the collected ransom into fiat money is difficult, however. That is the reason why, although ransom amounts are collected, no record of any ransomware case so far shows the amount being transacted out or sent on as real money, by check or by bank transfer.

The scope of the ransomware problem is so vast that some organizations are buying and hoarding bitcoin in anticipation of future ransomware attacks and to protect their businesses and software including their customer databases.

FBI’s take and actions:

The Secret Service and the Federal Bureau of Investigation advise against paying the ransom, since there is no guarantee that the criminals would return the data. In addition, the payments made would encourage criminals to target other organizations, collect more ransom, and harm businesses, government operations and emergency services, including hospitals and ambulance services. However, the reality is that for some organizations, paying the ransom made sense, because it was the only way to get the data back or to minimize the downtime. The FBI acknowledged the alternative in its latest guidance for companies on how to handle ransomware attacks, and asked that organizations who pay still notify law enforcement.

Federal law also prohibits the operation, marketing, or sale of any type of jamming equipment, including devices that interfere with cellular and Personal Communication Services (PCS), police radar, Global Positioning Systems (GPS), and wireless networking services (Wi-Fi).

“The FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers,” the section on paying the ransom in the updated guidance said.

Regardless of whether the organizations decide to pay the ransom or not, the FBI said in its guidance that it was important to report the incidents to law enforcement. “Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and U.S. Cyber Laws and prevent future attacks,” the FBI said.
