Ransomware in the News

Ransomware in the News

randsomware and small business
How widespread is ransomware currently? Who has been affected by it? In this post, we’ll highlight ransomware cases that have hit the news lately.  If you don’t know what ransomware is, it’s basically a form of malware that encrypts the victim’s files and locks access to their computer until a sum of money is paid. In most cases, ransomware will also spread to other vulnerable computers in the local network.

Ransomware Attacks on Cities

It should be clear that the more valuable the victim’s information/continuity is, the higher the ransom can be. For that reason, it comes to no surprise that local governments have been attacked several times in recent years by ransomware. In addition, local governments often have  poor defenses. In March 2018, the city of Atlanta was struck with a ransomware attack that disabled online services and demanded $55,000 in payment. Recovering completely from the attack has required approx. $21 million in spending.  In May of this year, the city of Baltimore was also struck by ransomware. In this case, Baltimore refused to pay the ransom of $76,000. The attack is estimated to have cost a total of $18 million.

WannaCry—A Worldwide Ransomware Attack

WannaCry was a May 2017 worldwide cyberattack that infected computers with ransomware using a leaked exploit developed by the United States National Security Agency (NSA). It is estimated that around 200,000 computers were infected across 150 countries. One of the most surprising elements of WannaCry is the fact that it makes use of a Windows exploit called EternalBlue, which was developed by the NSA. Why had the NSA chosen to develop this exploit, rather than notify Microsoft of the vulnerability? Despite Microsoft releasing a patch to close the exploit, WannaCry was still able to cause serious damage worldwide due to organizations not applying the patch yet, or from using older Windows systems. In fact, to this day, ransomware attacks are still being made using the EternalBlue exploit. It happened to be used during the Atlanta ransomware attack as well.

How Ransomware Attacks Play Out

How an organization responds to a ransomware attack depends on how prepared they are. Even if an organization chooses to pay the ransom (which isn’t always a bad idea), they may still fail to recover their encrypted files even with the aid of the ransomer. Organizations need to consistently make backups of their data to properly recover from a ransomware attack. While having this data is essential, victims are still likely to need to invest in new computers. That is because removing traces of ransomware from the infected computers is a laborious and costly task. Setting up a disaster recovery plan that reduces downtime is key to being prepared for a ransomware attack and minimizing damages. Hopefully, you won’t ever need to make use of it.