Ransomware, BEC Attacks Strike Government Offices in the US Virgin Islands

Ransomware, BEC Attacks Strike Government Offices in the US Virgin Islands

Two of the U.S. Virgin Islands’ government offices have been hit by cyberattacks, causing substantial financial and operational disruptions. A ransomware attack was waged against the U.S. Virgin Islands Police Department (VIPD), compromising its network and servers, and encrypting internal affairs records as well as citizen complaints. Meanwhile, in a separate attack, V.I.’s Water and Power Authority (WAPA) lost US$2.3 million due to a business email compromise (BEC) incident.

The VIPD shared that the ransomware attack happened in April 2019, encrypting the department’s files and disabling access to important public service software such as IAPro and BlueTeam for several weeks.

Despite having its files and programs corrupted due to the ransomware attack, the department has stated that no information has been stolen. VIPD, which has refused to pay ransom to the cybercriminals, is now working with the FBI in an attempt to decrypt the corrupted files. The source of the ransomware attack is yet to be identified.

Meanwhile, WAPA was discovered to have been a victim of a BEC scam, wiring US$2.3 million of its funds to an offshore account in May and June 2018. According to a report, WAPA wired payment for fake invoices that appeared to be coming from a legitimate vendor. Since the incident, WAPA stated that a cybersecurity training for all employees — with a focus on identifying phishing emails that can lead to financial scams — is ongoing.

These two incidents in the Virgin Islands add to the growing number of reported ransomware attacks hitting state and local governments in the U.S. this year. As of May 2019, there have already been 22 reported ransomware attacks waged against the public sector. The list includes government offices in Augusta, Maine; Imperial County, California; Stuart, Florida; and Greenville, North Carolina; Baltimore, Ohio; and Albany, New York.

Recently, Florida cities Riviera and Lake City paid cybercriminals steep ransom amounts — US$600,000 and US$500,000 in bitcoins, respectively.

Best practices in preventing ransomware attacks

Organizations should follow these best practices to prevent ransomware infections and mitigate the effects of a ransomware attack:

  • Practice the 3-2-1 rule. Keep backups of important files to make sure that data and information remain accessible even after a ransomware attack or infection.
  • Train employees to spot email threats. Users should be wary of suspicious emails, URLs, or attachments that attackers can use to deliver ransomware.
  • Limit access to administration tools and files to authorized personnel. Practice the principle of least privilege, network segmentation, and data categorization.

Trend Micro solutions against ransomware, phishing powered by machine learning

Enterprises can benefit from a multilayered approach to best mitigate the risks brought by ransomware. At the endpoint level, Trend Micro Smart Protection Suites deliver several capabilities like high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding that minimize the impact of this threat. Trend Micro Deep Discovery Inspector detects and blocks ransomware on networks, while the Trend Micro Deep Security™ solution stops ransomware from reaching enterprise servers — whether physical, virtual, or in the cloud.  Trend Micro Deep SecurityVulnerability Protection, and TippingPoint provide virtual patching that protects endpoints from threats that exploit unpatched vulnerabilities to deliver ransomware.

As phishing attacks become more sophisticated, identifying them through awareness and proper training becomes all the more crucial in keeping enterprises and organizations better protected. Employing the right security solutions that combine traditional defenses and advanced technologies such as artificial intelligence (AI) and machine learning (ML) can help tighten defenses against a broad range of cyberthreats brought about by phishing schemes.

To bolster security capabilities and further protect users, organizations can consider security products such as the Trend Micro Cloud App Security solution. If a suspected phishing email is received by an employee, it will go through sender, content, and URL reputation analysis, followed by an inspection of the remaining URLs using computer vision and AI to check if website components are being spoofed. In addition, it can also detect suspicious content in the message body and attachments as well as provide sandbox malware analysis and document exploit detection.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Posted in Cyber Attacks