Ransomware Hits County Offices, Knocks The Weather Channel Offline

Ransomware may not be as prevalent or dominant in the threat landscape as it was before but, as demonstrated by LockerGoga when it hit a Norwegian manufacturing company, its destructive impact still makes it a significant threat. In fact, ransomware continues to make headway, with the latest spate of attacks crippling several counties and municipalities in the U.S.

Government offices in Augusta, Maine; Imperial County, California; Stuart, Florida; and Greenville, North Carolina were reportedly affected by separate incidents. Operations in the Augusta City Center were shut down, particularly IT systems used for the municipal public safety dispatch and financial systems, billing, automobile tax, and assessor’s records.

Earlier, the websites and systems in Imperial County and Stuart were reportedly hit by the Ryuk ransomware. The malware took the networks in Imperial County’s office offline and adversely affected services such as its online payment system, while the offices in Stuart had to disconnect and shut down their affected servers and email systems.

Is ransomware resurging?

Regardless of industry, ransomware appears to be increasingly used in attacks with specific targets. Ryuk, which Trend Micro researchers saw being used in larger targeted campaigns, was reportedly the same culprit that hindered the printing and delivery operations of several U.S. newspapers last year, including The Los Angeles Times. On April 18, the systems of The Weather Channel in Atlanta, Georgia, were infected by ransomware, disrupting the channel’s live broadcast for 90 minutes before IT staff restored regular programming through backups.

The latest round of incidents shows how ransomware poses significant risks to the privacy and security of personal or mission-critical files, and the integrity of the infrastructures that store and manage them. And when these IT infrastructures are compromised, they can adversely affect a company’s operations, customer trust, and ultimately, its bottom line.

For instance, Norsk Hydro, the multinational manufacturing company affected by LockerGoga, estimated financial losses of up to NOK350 million (around US$40 million), with some of its operations still in the process of recovery. No business is too big or too small for ransomware, either: the ransom demand for small to medium enterprises affected by ransomware reportedly averaged US$116,000. Some ransomware families are also known to carry out other malicious routines, such as information theft.

Ransomware’s impact could also be exacerbated by how it is distributed. In the same week municipalities suffered attacks, researchers reported a ransomware-as-a-service (RaaS) offering named Inpivx being peddled on the dark web. Budding cybercriminals, regardless of their technical know-how, can customize their ransomware via a user-friendly dashboard where they can manage communication with their victims. And given how affiliates could tailor their malware, a ransomware family could have numerous variants, each with different functionalities and malicious routines, further exposing users and businesses to the threat.

Defending against ransomware

Users and businesses should adopt best practices to defend against ransomware: regularly back up files, keep the system and applications updated, enforce the principle of least privilege, and implement defense in depth by arraying security at each layer of a company’s online perimeters, from gateways and networks to endpoints and servers.

Trend Micro Ransomware Solutions

Enterprises can benefit from a multilayered approach to best mitigate the risks brought by ransomware. At the endpoint level, Trend Micro Smart Protection Suites deliver several capabilities like high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding that minimize the impact of this threat. Trend Micro Deep Discovery Inspector detects and blocks ransomware on networks, while the Trend Micro Deep Security™ solution stops ransomware from reaching enterprise servers, whether physical, virtual, or in the cloud. Trend Micro Deep Security, Vulnerability Protection, and TippingPoint provide virtual patching that protects endpoints from threats that exploit unpatched vulnerabilities to deliver ransomware.

Email and web gateway solutions such as Trend Micro Deep Discovery Email Inspector and InterScan™ Web Security prevent ransomware from ever reaching end users. Trend Micro’s Cloud App Security (CAS) can help enhance the security of Office 365 apps and other cloud services by using cutting-edge sandbox malware analysis for ransomware and other advanced threats.

These solutions are powered by Trend Micro XGen™ security, which provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. Smart, optimized, and connected, XGen powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.
