Ransomware

Ransomware is Wreaking Havoc on Small Cities

Lake City Florida.jpg

After last month’s ransomware attack that crippled the city of Baltimore, another series of attacks has costed two Florida towns over one million dollars combined in ransoms to regain control of their municipal computer systems. This is the latest in a worldwide epidemic of hackers extorting cities, villages, and townships for ransom money.

The first town affected was Riviera Beach, a suburb just north of Palm Beach. A small town with a population just over 35,000 is not what many people think would be the target of a highly sophisticated online attack, however, small towns are an increasingly attractive target for hackers.

The hackers got in after an employee at the police department clicked an infected link in a phishing email and were then able to shut down most of the cities systems including email, online utility payment, village payroll, and payments to city vendors. The city was able to recover only after paying the $600,000 ransom (in the form of Bitcoin) and spending almost a million dollars on technology upgrades.

Shortly after the attack on Riviera Beach, Lake City fell victim to a similar attack where the virus was introduced to their computer system via phishing email as well. Along with shutting down the cities email, utility payment and payroll, this group of hackers, believed to be separate from the Riviera Beach attack, shut down the cities police dispatch system, leaving them struggling to allocate police resources.

I would’ve never dreamed this could’ve happened, especially in a small town like this
— Lake City Mayor, Stephen Witt to Action News Jax

Jason Rebholz, a principal for Moxfive, a technology service firm, who tracks ransomware payments and has helped victims of similar attacks said, “The complexity and severity of these ransomware attacks just continues to increase.” The amount of money asked by hackers has increased tremendously in the last few years and is a testament to hackers sophisticated ability to target government agencies.

Cities and towns are not the only victims to the recent tidal wave of hacker using ransomware. In 2018 a virus disrupted the flight information system, baggage displays and email at Cleveland Hopkins International Airport, and the same virus infected the Port of San Diego, costing millions. Hospitals are also a prime target for hackers due to the large amounts of personal data they store.

Three elements prevent organizations from falling victim to ransomware attacks.

  1. Trained Employees

    Training employees to spot hazardous emails and reporting them to their managers can prevent a majority of these types of cyber-attacks. It is important to have regular discussions with employees about good internet practices. Important practices include reporting spam emails, avoiding suspicious links and online ads, and regularly changing and strengthening passwords.

  2. Updated Technology & Protective Measures

    Many ransomware attacks that hit cities or businesses are allowed to occur due to outdated security technologies like firewalls or anti-virus software. In today’s day and age, hackers can scan thousands of organizations looking for specific vulnerabilities that only the latest software and hardware can prevent. This is why it is important to consult with your IT provider regularly to insure that your internet technologies are up to date and your data is kept safe.

  3. Offsite Data Backups

    If either city had been backing up their data to either the cloud, offsite servers, or a combination of both, they would have had a recent backup to fall back on and continue operations with the only data being lost was that since the last back up. Trusted IT partners like Current Technologies can help implement regularly scheduled offsite backups and help you restore your data in the event of a would be catastrophe.

Protecting your Data is what we do at Current Technologies!

Name *
Name

We Value Your Feedback

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal (1).jpg

How Ransomware Is Invading Schools

business-businessmen-classroom-267507.jpg

The Education Sector Is Under Attack


Every IT employee in the education sector is likely aware of the ransomware plague that has visited their colleagues in healthcare the last few years. Healthcare offers hackers rich pickings of personal and financial information—but so does the education sector, where there is the added bonus of valuable research and other types of information unique to the sector.

Recently, security firm BitSight reported that education, not healthcare, is in fact the most attacked industry. It found that 13% of educational organizations had been hacked—three times more than the rate of ransomware in healthcare and more than 10 times the rate in the financial sector.

This is contrary to the findings earlier in the year from Osterman Research which found far higher ransomware penetration rates in healthcare.

While first place might be in dispute, no one is arguing that ransomware is now a growing and expensive problem. Being in third place or even ninth place will be no consolation when the hackers strike. That’s especially true if you could have taken some simple precautions to stop the attack or limit the damage.

The Education Sector’s Special Problems With Ransomware

It’s difficult for K–12 schools to fend off attacks with small budgets and IT teams. And universities are environments where file sharing is an extreme sport, making ransomware a huge challenge for IT departments.

The hackers are after medical records, information they can use for identity theft, financial information, and research data. And many institutions are paying the ransoms, which won’t help the problem go away.

Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact
— James Scott- Institute for Critical Infrastructure Technology

Protection is much Cheaper than Reaction

There are some simple things that you can do to shore up the defenses without incurring significant cost.

  1. Establish email security protocols—Email is where the attackers are most likely to get into your system, so take the chance to kill off as many prospective attacks as possible by just not letting the infected files through.
  2. Avoid file sharing—Ditto.
  3. Keep software up to date—Unpatched software is another way in so shut it down.
  4. Improve network hygiene by upgrading aging infrastructure to reduce your vulnerabilities.
  5. Have a diversified backup strategy—Use physical and cloud backups
  6. Segment the Wi-Fi—If possible, segment your Wi-Fi to keep staff, students, and guests on different networks.
  7. Educate employees—Most hackers get in through email phishing attacks. They need to know what good security looks like and where the dangers are coming from.
  8. Show file extensions—It’s harder to hide an exe file as a jpg when the user can see the full extension, and you’ve trained them to know the difference

Helping Keep Your Information Safe Would Be Our Pleasure!

Name *
Name

We Value Your Feedback!

Was This Information Helpful?
Was This an Interesting Read?
CurrentTech_Horizontal.jpg

6 Steps To Secure Your School's IT Network

Compuer Lab.jpeg

Your School's IT Network is a Gold Mine for Hackers


The Open Security Foundation reports that 15% of all data breaches take place at educational institutions. When such attacks are successful, the consequences can be severe. Given the regularity of attacks on educational networks—and the harm they can cause when they’re successful—it’s vital that you make sure yours is as secure as possible. Here are five things you can do to make sure your school’s network is secure.

1. Use multiple defenses.

The key to a secure network is a comprehensive approach that takes into account all possible points of entry. It’s not enough to have one anti-virus program, or to encrypt only some sensitive information. Combining multiple security measures will provide the best possible defense for your valuable data.

2. Update. Update again. Then check for new updates.

According to a report by Symantec and Verizon, nearly one million online bugs are introduced per day. It's little wonder then that anti-virus programs require frequent updates to remain effective. Neglecting these updates increases your vulnerability to costly and time-consuming infections. Current Technologies recommends automating them whenever possible. You must also take care to download security patches for your browsers and operating systems as they become available.

3. Control network access.

Using network administration software, you can restrict user access to information. Apply "the principle of least privilege" and ensure users can only access the information they need. This will allow you to reduce access to sensitive information while ensuring that everybody can still do their job.  

4. Back up everything.

It’s inevitable that you’ll hear stories of students at your school losing nearly finished assignments because of a power outage or a flash flood. Don’t make the same mistake—back up everything you can, preferably in a secure, off-site location. That way, in the event of a security breach (or a natural disaster), you don’t have to worry about extensive data loss.

5. Encrypt sensitive information and use strong passwords.

Finally, it’s prudent to encrypt sensitive information whenever it’s not being used. In the unfortunate event that your school falls prey to a successful cyberattack, you’ll at least have the consolation of knowing that your files were useless to the perpetrators.

The maintenance of a secure school IT network requires you to ensure that it’s kept up-to-date and that the people managing it are following best-practice security protocols.

6. Password Management

In April this year, hackers were able to infiltrate the network of a New Jersey school, steal critical network files, and demand $125,000 for their release, all because of a single weak password.

So make sure that your school’s network administrators are using unique passwords or a suitable password manager app. You can also consider implementing multiple factor authentication (MFA), which requires both a password and a second authorization code—sometimes a secret question, sometimes a code sent to a registered mobile phone.

Don't Let Your Institution Be Another Case Study

Name *
Name

We Value Your Feedback!

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal.jpg