Ransomware Threats Continue to Flood the U.S.
For years, I would write about all of the ransomware attacks that I could find. Every single attack that I became aware of, I would blog about. As time moved on, this task became a bit more tedious but could be done. However, over the last few weeks, it has become the opposite. Writing about every single ransomware attack that is occurring is simply not possible. Every day there are multiple attacks exposed to the public.
Are they becoming more prevalent or more public?
That is debatable. Often times enterprises do not share the news of ransomware attacks. They do not want to alarm customers or shareholders. Instead, they keep it quiet and restore networks as quickly as possible. Oftentimes, this includes paying the ransom demands.
Schools and government entities are no longer staying quiet. Over the last week, three different schools in Louisiana have fallen victim to ransomware. This led Governor Edwards to declare a state of emergency. Additionally, New York schools including Monroe College, Syracuse School District, and Watertown School Districts all fell victim. Most recently, Houston County Schools of Alabama became riddled with ransomware, requiring them to postpone the first day of classes.
Beyond the education sector, three different counties in North Carolina experienced cyber attacks, taking down websites and locking the Lincoln County Sheriff’s Office out of their police reports and email systems.
And Georgia — boy, do they have a target on their back. In July alone the Department of Public Safety, Henry County, Lawrenceville Police Department, and the Georgia Court Agency were all corrupted by ransomware.
Is there hope?
That depends on five things.
First, in order to stop these attacks, the hackers have to no longer be profitable. This means the victims have to stop paying the ransom demands.
Next, to block these attacks the US-CERT, FBI, NSA, and DHS have encouraged the use of application whitelisting. By deploying this technology, only known, trusted programs are permitted to execute.
Users also need to ensure they are updating their operating systems and third-party applications. By leaving these programs outdated, known security holes are left open.
It is also imperative to backup files on a daily basis. If an attack hits, you can restore your networks using backup files. However, it does not do any good if these backups are not current, or stored on an internal server.
Lastly, disable any unused remote access ports. This is the lastest attack vector hackers are using to worm their way into devices. If it is not being used, disable it. If it is being utilized, users need to update the password to something that is not used for any other accounts and includes upper case, lower case, numbers, and special characters.
