Portsmouth New Hampshire Recovers From Malware Infection, For the Small Price of $156,000
After a nasty virus infection, beginning in March of 2018, the city of Portsmouth, New Hampshire is beginning to recover. The virus determined to be an Emotet Trojan horse began sending out fraudulent emails stamped with the addresses of city officials and other legitimate accounts in an attempt to solicit money.
At this time, the exact method of malicious execution has not been released. However, the Emotet virus is getting more and more sophisticated. The most popular method has been to insert malicious resources and URL links in emails. These are often disguised as PDF attachments or invoices, from a “trusted” sender. This means the hackers are portraying themselves as trusted senders, in hopes it will increase the likelihood of the user clicking on their malicious link.
Almost four months after the infection took place, the city reported systems are running as they should. Although, this came with a hefty bill. Deputy City Manager for the Portsmouth filed an insurance claim because of how much damage the virus did to city systems, $156,000 to be exact.
Preventing Future Attacks
According to Appauls, in an effort to be proactive, city officials are monitoring the network to prevent other forms of malware from spreading. But is that it? We sure hope not.
To effectively thwart these kinds of malware attacks, it is important for businesses, even home users, do the following:
- Update, update, update. Keep all of your third-party applications and operating systems updated. Yes, it takes time. Yes, it may be inconvenient. But, these updates patch known vulnerabilities in the programs. If you fail to update, you’re failing to patch security holes hackers are aware of.
- Implement application whitelisting. We’ve said it before, and we will say it again — whitelisting is the best malware prevention tool available. A whitelist approach will only allow known-trusted programs to execute. Therefore, even if someone clicks on the malicious link in the email, the malicious executable cannot execute, while using a whitelist solution.
- Disable Macros. Often times malicious executables hidden in documents require Macros to be enabled. By disabling this feature, these forms of malware cannot execute.
- Review Admin rights. When an endpoint gets infected with malware, and the user has admin rights, it can spread throughout the network in the blink of an eye. Determining who has admin rights, and why will help determine if they need to keep those credentials. If they don’t need them, it would be best practice to remove these rights to mitigate the threat of malware spreading.
- Cyber security training. If users do not know what to look out for, they’ll click on anything. Teaching them about current cyber security threats, what they look like, their attack methods and potential damage caused by them will help users understand not only the magnitude of the problem but also identify red flags to be on the lookout for.
