In GA: Cybercriminals Paid to Unlock Computers

March 13, 2019

Another municipality in the State of Georgia has become the victim of a crippling cyber attack.
Jackson County, GA has been forced to pay attackers $400,000 in bitcoin to unlock and decrypt their computer systems after being infected with “Ryuk” ransomware on March 1st.

Details are still emerging regarding how the County’s network was affected in the first place and the FBI has been called in to investigate. This isn’t the first time a ransomware attack has targeted a large municipality in the Peach State. Just last year Atlanta, GA was nearly crippled by a very similar ransomware breach. The attack in Atlanta cost the city close to $10 million when everything was said and done.

There are differences, however. The Atlanta attack leveraged SamSam ransomware, created by the Iranian SamSam hacking group. The Jackson County attack was perpetrated by attackers in Eastern Europe (according to the most recent information from the FBI) and used a variant of ransomware named Ryuk instead.

According to Check Point Research, where most malware is distributed in bulk via large-scale spam campaigns, Ryuk is typically used in smaller, more targeted attacks.

It also appears that Ryuk has some connection to HERMES, a strain of ransomware that was developed by the Lazarus Group. The Lazarus Group, believed to be based in North Korea, is rumored to be responsible for the Sony Pictures attack in 2014.

Check Point’s research article argues that whoever wrote Ryuk is either in possession of the HERMES source code or is the same bad actor that created it in the first place.

I won’t get into the more technical details of the article. I’d be lying if I said I understood it all.

You can get into the nitty-gritty, if you’d like, by following the link: https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/.

In my opinion, the FBI isn’t going to be able to tell the people at Jackson County anything they probably don’t already know.

Attacks like this against municipalities are frequent in today’s world.

These attacks are successful for two main reasons:

1. Municipalities typically lack the necessary Information Security budget to defend themselves adequately – that goes for both technology and staff. Cyber-security is expensive, and many either can’t afford the spend or can’t/won’t justify it.

2. Municipal employees typically lack the proper Information Security training needed to maintain a safe and healthy cyber-environment – Unfortunately, that’s often caused by the same reasons mentioned above, with a severe lack of interest added on as a side.

It’s unfortunate how often we come across that mentality. It’s why we try to let people know that bringing on an MSSP to handle InfoSec isn’t as costly as they may believe, especially when considering that often the spend transforms from a CapEx expense to an OpEx expense.

You can read more regarding why hiring an MSSP is the right decision here, here and here.

Carl Keyser is the Content Manager at Integris.
