Ransomware Attacks Hit Three Florida Cities

Ransomware attacks are on the rise across the country.  There is no greater example of this than the recent rash of ransomware attacks on Florida cities.  Over the last several weeks, three Florida cities have fallen victim to these cyber attacks.  Over the last 5 years, more than 165 municipalities around the country have reported being the target of an attack, and experts believe that number is likely underreported. In 2018, approximately 53 municipalities reported attacks.  There have already been 21 reported attacks in the first four months of 2019.

The first attack in Florida hit Riviera Beach, a small city north of West Palm Beach on May 29.  An employee of the Riviera Beach police department opened an email that released a virus on the city's computers.  The effects of that email pushed Riviera Beach back into pre-computer days.  All paychecks had to be handwritten, and no direct deposit was available. Traffic tickets that are normally printed from hand-held devices had to be written on paper slips.  Six days later, Riviera Beach City Officials agreed to pay the hackers 65 Bitcoin to get data back, or nearly $592,000.  The city's original data was not backed up.  On top of the ransom, the city will also spend $941,000 to replace 400 computers to rebuild its IT systems.

One week later, Lake City, Florida became victim number two.  In this case, a city hall employee opened an email that infected the machines across the city's network, bringing down their email and online payment systems.  After discussions with both the FBI and their insurance carrier, Lake City bit the bullet and paid 42 Bitcoin to get its computer systems back.  This is around $460,000.  The FBI, though, discourages paying cybercriminals.  One week after the attack, the Director of IT was fired.

Approximately two weeks later, the Village of Key Biscayne reported suffering from a data breach.  So far, no cause has been given for the Key Biscayne attack.  Officials there held a special council meeting to discuss the issue, and thus far have agreed to spend $30,000 on a data recovery firm.  The Village Manager does have the ability to incur more expenses to resolve the ransomware attack if she sees fit.

In two of these three cases, the communities were hit with the 'Triple Threat Attack' that was discovered back in April.  This malware campaign combines three separate cyber attack methods to gain access to computers and hold data hostage.  The first phase of the Triple Threat Attack begins with a phishing email with a Microsoft Office document attached.  The document contains the malicious code, and upon opening the document, the infection begins.  Once infected, the company, or municipality in this instance, is held hostage by the cyber criminal.  To regain access to the data, the company can pay the ransom or ignore the ransom request and restore its files from the backups in its disaster recovery plan.

With cyber attacks on the rise, it is critical that businesses employ a data backup system to protect themselves from data loss.  It’s that simple – and not only should you utilize a data backup system, but you should encrypt it as well.  Here are four tips to help protect your backups against ransomware.

  1. Monitor your backup process and understand the information you get from it.  The earlier your business finds a ransomware infection, the more likely it is that you can prevent significant damage to your data.  Look for anomalies in your daily backup logs and investigate them quickly.  This may limit the damage.
  2. Separate your backup from your normal operations.  When you separate your backup from your general working systems, you are ensuring that your backups are hardened against attack.  This will help to prevent ransomware from encrypting your backup data and taking out the one thing that may save you in a ransomware attack.
  3. Use care when utilizing network file servers or online sharing services.  With the ease of use and “always available” nature of network file servers, they are a popular way to centralize data and make the backup process easy.  But when ransomware reaches a network file server, the server's security weaknesses may let it encrypt your connected drives and home directories as well, leaving all data encrypted by the ransomware.  Companies should back up network file servers to a separate system or service and test the restore capability to make sure that, if ransomware strikes, a restore from backup can be initiated.
  4. Consistently test your backup processes.  At the end of the day, you can back up all of the data you have all the time, but if you can’t access it quickly and count on the backup, it is essentially useless.  Make sure you’re doing backups on a frequent basis so data loss can be minimized if a ransomware attack happens.  And ALWAYS be testing your backup to make sure you’re getting out of it what you will need in a disaster.
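
One way to act on tip 1, as an added example that is not part of the original article: mass encryption rewrites most files, so an incremental backup that suddenly copies nearly everything is worth investigating. The log format, field names and thresholds below are assumptions made up for illustration, not the output of any particular backup product.

```python
import re
from statistics import median

# Constructed sample: one summary line per nightly job (hypothetical format).
SAMPLE_LOG = """\
2019-05-20 job=fileserver status=OK files_total=50000 files_changed=410 bytes_sent=1200000000
2019-05-21 job=fileserver status=OK files_total=50000 files_changed=388 bytes_sent=1100000000
2019-05-22 job=fileserver status=OK files_total=50000 files_changed=455 bytes_sent=1350000000
2019-05-23 job=fileserver status=OK files_total=50000 files_changed=402 bytes_sent=1250000000
2019-05-24 job=fileserver status=FAILED files_total=50000 files_changed=0 bytes_sent=0
2019-05-25 job=fileserver status=OK files_total=50000 files_changed=431 bytes_sent=1300000000
2019-05-26 job=fileserver status=OK files_total=50000 files_changed=46800 bytes_sent=98000000000
"""

LINE_RE = re.compile(
    r"(?P<date>\d{4}-\d{2}-\d{2}) job=(?P<job>\S+) status=(?P<status>\S+) "
    r"files_total=(?P<total>\d+) files_changed=(?P<changed>\d+) bytes_sent=(?P<bytes>\d+)")

def parse(log):
    """Turn summary lines into dicts; numeric fields become ints."""
    rows = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append({k: int(v) if v.isdigit() else v for k, v in m.groupdict().items()})
    return rows

def find_anomalies(rows, window=7, factor=5.0, max_ratio=0.25):
    """Flag nights that failed or changed far more data than the recent baseline."""
    alerts, history = [], []
    for r in rows:
        reasons = []
        if r["status"] != "OK":
            reasons.append(f"job status {r['status']}")
        ratio = r["changed"] / r["total"] if r["total"] else 0.0
        if ratio > max_ratio:
            reasons.append(f"{ratio:.0%} of files changed in one night")
        if len(history) >= 3:  # need a few clean nights before comparing
            base = median(h["bytes"] for h in history[-window:])
            if r["bytes"] > factor * base:
                reasons.append(f"bytes sent is {r['bytes'] / base:.0f}x the recent median")
        if reasons:
            alerts.append((r["date"], reasons))
        else:
            history.append(r)  # only clean nights feed the baseline
    return alerts

if __name__ == "__main__":
    for date, reasons in find_anomalies(parse(SAMPLE_LOG)):
        print(date, "; ".join(reasons))
```

Keeping flagged nights out of the baseline stops one bad night from making the next one look normal.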

Along with a data backup system, companies need to educate their employees on the dangers of cyber attacks and how to spot them.  Employees are always the first line of defense against a data breach.  Here are items that your employee training should cover.

  • Forms of Cybersecurity Threats. Knowing the basic forms of cybersecurity threats is imperative to an effective program.  This will include spam, phishing, malware, ransomware and social engineering. Don’t just provide them with definitions, but concrete examples of what these threats look like.  For spam, that may be a fake LinkedIn invite to connect (they carry viruses).  Phishing samples and how to tell that an email is phishing are also key.
  • Password Security. With so much of our lives, both personal and professional, revolving around technology, everyone needs passwords for applications.  Often times, people utilize one or two generic passwords for all of their needs, and those passwords are easily cracked by cybercriminals.  Employee cybersecurity training should reinforce the importance of unique passwords, and how passwords are the first line of defense against cyber attacks.
  • Protection of Company Data.  All companies have policies on data protection, but just because they are on paper in your handbook doesn’t mean employees know they exist or understand them.  Employee cyber security training works to explain those policies and what they really mean for the company.  Ongoing training ensures employees stay current on the policies and truly understand their place in the workplace.
  • How to Identify and Report Threats.  Every good employee cybersecurity training should help employees recognize the red flags and warning signs that point to a threat.  Provide them with the company policy on reporting these warnings, including the right person to speak with if an attack may have occurred.  Employees should be made to feel comfortable making a report, even if the report is unfounded.  Making reports shows that employees are paying attention, and that is of the utmost importance.

Keeping your business safe from cybercriminals is imperative in today's business world.  Take your lead from these three Florida cities.  Protect your data and have a disaster recovery plan in place that is tested and works.  Train your employees on the dangers of cyber attacks and how to spot them.  No plan is foolproof, but the more steps you take to secure your business data, the better protected you will be.  Fraser's Managed IT Services group works with companies to create data backup strategies and employee cybersecurity training programs that work.  Contact us today to learn more.