California City Confirms Phone Line and Financial Data System Disruptions Caused by Ransomware
Lodi, California city manager Steve Schwabauer confirmed that they were hit with a ransomware attack that disrupted phone lines and their data financial systems early in the year. The cybercriminals behind the attack demanded 75 bitcoins (approximately US$400,000 at the time) to return the city’s systems back to normal.
The ransomware entered the city’s system disguised as an invoice attachment in an email to city staff. When a staff member opened the attachment, the malware spread to the city’s network of computers.
It rendered several critical phone lines out of service, including the city's Police Department non-emergency number, its Public Works’ emergency line, and the City Hall and finance division’s respective main numbers. The malware also affected the city’s payment data and financial systems.
The hackers behind the attack demanded a bitcoin payment in exchange for the encryption keys that would release the affected servers. According to Schwabauer they opted not to pay the ransom and instead rebuilt their systems from their backups.
City staff first discovered the attack on April 1. It was seemingly resolved, but caused problems again in May. The second round of effects hit the Lodi Police Department’s software network.
The city employed the help of security experts and a legal team to conduct further financial audits. The technicians who examined the city’s computer system were able to trace the malware’s code and determine that public information was not stolen in the attack.
The city delayed the disclosure of the ransomware following advice from its legal counsel and to avoid the violation of attorney-client privilege.
Fortunately, most of the city’s workstations were not affected by the attack, and the staff were able to rebuild affected systems quickly. After resolving the issue, the city took further action to prevent future attacks from occurring by upgrading systems and promoting stronger cybersecurity regulations.
Defending against ransomware
While ransomware attacks have decreased in frequency, cybercriminals are continuously developing ways to make the malware just as effective. Instead of randomly spreading to infect a larger number of victims, they opt instead to narrow down their targets with the goal of a bigger payout.
Just as the City of Lodi had done, organizations, government agencies, or any other potential target of a ransomware campaign are advised not to pay the ransom. Paying the ransom does not guarantee that the hackers would fulfill their end of the bargain and release the needed decryption keys. Moreover, paying the ransom is only a temporary solution that does not guarantee or prevent another attack.
Organizations are advised to be prepared for ransomware attacks, as they could be increasing in sophistication, and remain wary of the methods employed by cybercriminals to infect systems. Users and organizations can also follow these best practices to defend against ransomware infections and mitigate their effects:
- Educate employees or staff members about social engineering tactics that cybercriminals use. End users should remain wary of suspicious emails, URLs, or attachments that cybercriminals use to deliver different malware, as seen in this case.
- Regularly back up critical files to make sure that data and information would remain available in case a ransomware had successfully spread to the system, which has proven advantageous after the Lodi attack.
- Update and patch software, programs, and applications to protect against exploits of possible vulnerabilities.
In general, organizations should take a multi-layered approach against ransomware to prevent such threat from reaching systems from all possible points of entry and minimizing its impact.
Organizations can also take advantage of solutions that would help them with their multi-layered defenses. Trend Micro XGen™ security provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It infuses high-fidelity machine learning with other detection technologies and global threat intelligence for comprehensive protection against advanced malware. Smart, optimized, and connected, XGen™ powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale