Three Ransomware Campaigns Cause Problems in Different Public Sectors
Among the ransomware attacks from last week, three caused notable disruptions to institutions in different public sectors — energy, education, and law enforcement. One of the attacks affected City Power, an energy company in Johannesburg, South Africa, while the other two happened in the US, specifically on the Georgia State Patrol and three public school districts in Louisiana. The attacks on the three sectors had different consequences and implications.
The attack on City Power largely affected the company’s databases, applications and networks. As a result, residents of Johannesburg were unable to purchase electricity using City Power's prepaid vending system and were left without power. The attack also impeded the company’s ability to respond to localized blackouts in the area.
The City of Johannesburg owns City Power, and according to its representatives, most of the company’s IT systems have been restored. However, they admitted that customers may still encounter problems and have created a new website to help customers report issues they may still experience.
The Georgia State Patrol encountered a similar attack. The ransomware was first discovered through a suspicious message that showed up on a field laptop and spread to other workstations of the law enforcement agency. Upon discovery, the servers and network were shut down to stymie the spread of the ransomware. This left the agency’s troopers and officers relying mainly on radio and phone communication to send dispatch information, which they normally do electronically. Although the attack ultimately did not halt the agency’s duties, responding officers were left with no immediate access to information they might need.
Also in the US, the earliest of the attacks happened in Louisiana and affected three of its public school districts. Schools that were hit experienced disruptions, including a disabled central office phone and the loss of years of data stored on their school district’s home servers. Louisiana Governor John Bel Edwards declared a state of emergency in response and has put all available resources to work on bringing district systems back online.
Defending against ransomware
Although ransomware attacks have decreased in volume, they have been no less effective. Law enforcement and security experts discourage paying ransom, as it is a temporary solution against the threat. Additionally, paying ransom does not always assure affected enterprises that cybercriminals will deliver on their promise.
Instead, enterprises are advised to employ adequate security measures to defend against ransomware attacks or at the very least mitigate their effects should one slip past defenses. Users and organizations can also follow these best practices to defend against ransomware infections and mitigate their effects:
- End users should be wary of suspicious emails, URLs, or attachments that cybercriminals still use to deliver different malware.
- Regularly back up important files to make sure that data and information would remain available in the case of a ransomware attack.
- Restrict access to critical tools like administration tools and files to authorized personnel.
- Regularly update and patch software, programs, and applications to protect against cyberattacks through vulnerabilities.
Trend Micro XGen™ security provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It infuses high-fidelity machine learning with other detection technologies and global threat intelligence for comprehensive protection against advanced malware. Smart, optimized, and connected, XGen™ powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.