A recent spate of ransomware attacks caused the suspension of some public and private services in Baltimore, Ohio and Indiana as the affected organizations deal with the investigation and recovery of their systems. A ransomware attack in May prevented the Baltimore City and County governments from mailing the annual water and sewage tax bills to their residents due to unverifiable accounts of abnormally low or no water consumption in 2018.
In another report, NEO Urology in Ohio paid $75,000 in bitcoin to unlock its computer systems after attackers breached and encrypted their data.
Talley Medical Surgical Eyecare Associates PC in Indiana reported that a ransomware attack in the last week of May caused files to be inaccessible, affecting information pertaining to approximately 106,000 current and former patients and employees.
The attack on the computers of Baltimore City’s Department of Public Works involved the use of RobbinHood ransomware, the second time in just over a year that hackers demanded payment in exchange for returning the city’s technology systems to normal operations. After the attack, which occurred on May 7, the city took more than a week to recover more than half of the systems, incurring an estimated $18.2 million in losses as it tried to restore services, including servers and records for water bills, property tax bills, permits, and parking tickets, among other transactions. According to a recent update, both county and city officials have not been able to validate the water bills and sewer charges of more than 10,300 customers due to the unusual data on hand, which county officials deem incorrect because of the attack.
Following HIPAA Breach Reporting guidelines, Talley reported to the Department of Health and Human Services (HHS) that a breach compromised the institution’s desktop computer, electronic medical records, email, laptop, and network server in the first week of April, rendering files temporarily inaccessible. While the organization declined to disclose whether it paid a ransom to unlock its files, it is unable to confirm if the attackers were able to lift information from the encrypted folders. Data included personally identifiable information such as names, addresses, diagnosis and treatment information, and Social Security numbers, among others.
Meanwhile, NEO Urology discovered that its systems were compromised and locked after it received a fax from the attackers demanding ransom. Access to the affected systems was restored two days after an IT firm’s third party paid the attackers. The company estimates that the attack caused revenue losses of $30,000 to $50,000 for each day that the institution could not operate.
The cost of a ransomware attack goes beyond the immediate financial damage to an organization; losses continue due to uncertainty about the breadth and depth of the systems’ compromise and due to reputational damage. Users and organizations should follow these best practices to prevent ransomware infections and mitigate the effects of a ransomware attack:
- Practice the 3-2-1 rule. Keep back-ups of important files to make sure that data and information remain accessible even after a ransomware attack or infection.
- Users should be wary of suspicious emails, URLs, or attachments that attackers can use to deliver ransomware.
- Limit access to administration tools and files to authorized personnel. Practice the principle of least privilege, network segmentation, and data categorization.
Trend Micro Solutions

Trend Micro XGen™ security provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It infuses high-fidelity machine learning with other detection technologies and global threat intelligence for comprehensive protection against advanced malware. Smart, optimized, and connected, XGen™ powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.