Lodi, California city manager Steve Schwabauer confirmed that they were hit with a ransomware attack that disrupted phone lines and their data financial systems early in the year. The cybercriminals behind the attack demanded 75 bitcoins (approximately US$400,000 at the time) to return the city’s systems back to normal.
The ransomware entered the city’s system disguised as an invoice attachment in an email to city staff. When a staff member opened the attachment, the malware spread to the city’s network of computers.
It rendered several critical phone lines out of service, including the city's Police Department non-emergency number, its Public Works’ emergency line, and the City Hall and finance division’s respective main numbers. The malware also affected the city’s payment data and financial systems.
The hackers behind the attack demanded a bitcoin payment in exchange for the encryption keys that would release the affected servers. According to Schwabauer they opted not to pay the ransom and instead rebuilt their systems from their backups.
City staff first discovered the attack on April 1. It was seemingly resolved, but caused problems again in May. The second round of effects hit the Lodi Police Department’s software network.
The city employed the help of security experts and a legal team to conduct further financial audits. The technicians who examined the city’s computer system were able to trace the malware’s code and determine that public information was not stolen in the attack.
The city delayed the disclosure of the ransomware following advice from its legal counsel and to avoid the violation of attorney-client privilege.
Fortunately, most of the city’s workstations were not affected by the attack, and the staff were able to rebuild affected systems quickly. After resolving the issue, the city took further action to prevent future attacks from occurring by upgrading systems and promoting stronger cybersecurity regulations.
While ransomware attacks have decreased in frequency, cybercriminals are continuously developing ways to make the malware just as effective. Instead of randomly spreading to infect a larger number of victims, they opt instead to narrow down their targets with the goal of a bigger payout.
Just as the City of Lodi had done, organizations, government agencies, or any other potential target of a ransomware campaign are advised not to pay the ransom. Paying the ransom does not guarantee that the hackers would fulfill their end of the bargain and release the needed decryption keys. Moreover, paying the ransom is only a temporary solution that does not guarantee or prevent another attack.
Organizations are advised to be prepared for ransomware attacks, as they could be increasing in sophistication, and remain wary of the methods employed by cybercriminals to infect systems. Users and organizations can also follow these best practices to defend against ransomware infections and mitigate their effects:
In general, organizations should take a multi-layered approach against ransomware to prevent such threat from reaching systems from all possible points of entry and minimizing its impact.
Organizations can also take advantage of solutions that would help them with their multi-layered defenses. Trend Micro XGen™ security provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It infuses high-fidelity machine learning with other detection technologies and global threat intelligence for comprehensive protection against advanced malware. Smart, optimized, and connected, XGen™ powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.