Malware Paralyzes the Delivery of Government and Other Vital Services

2019, May

You may have heard or read recently that certain malware attacks on IT infrastructure have disrupted activities and services in Baltimore, Maryland and Greenville, NC.

Ransomware knocks Greenville, N.C. offline

As Ransom Deadline Nears, Baltimore City Continues To Struggle For Fix

Analysis of ransomware used in Baltimore attack indicates hackers needed 'unfettered access' to city computers

Baltimore and Greenville both fell victim to a variant of malware known as ransomware. Ransomware doesn't just delete your information: it locks it in an encrypted state and then demands a monetary payment that often escalates over time.

Specifically, in the recent cases mentioned above, the malware has come to be known as "Robin Hood". It is so named because the exploit works by using social engineering (phishing) and psychological manipulation techniques (help/feed the less fortunate, etc.) to persuade a user to open or run a script (often hidden in a document or similar attachment) that executes the exploit.

How Do I Stay Safe?

The following four steps may help prevent individuals and organizations from being affected by "Robin Hood"-type ransomware.

A: Identifying phishing lures
Since the developers of "Robin Hood" ransomware are usually familiar with the psychological manipulation techniques discussed above, they often invent highly successful lures to catch unwary users. In this context:

Learn how to spot a spear-phishing attempt.

B: Backup
One of the manipulation techniques commonly used by ransomware creators relies on the victim being vulnerable, with no other way to recover the encrypted data. By backing up important data, individuals and organizations can decrease their vulnerability to ransomware attacks. As Anup Ghosh, CEO of the security firm Invincea, states: “If the backups are done offline, and the backup is not reachable from the machine that is infected, then you’re fine.”

C: Use proper anti-ransomware software
In addition to visiting infected websites, ransomware is also often distributed through malicious attachments. There are many ways to check whether a message containing an attachment is legitimate (e.g., verifying the origin of the sender, checking the links contained in the message, and assessing the content of the message). However, due to the increased sophistication of malware, even security experts may overlook a malicious attachment. That is why the use of a proper anti-ransomware application is of utmost importance to prevent infection after a human mistake. In this regard, Mr. Ghosh wrote: “Users will open attachments, they will visit sites that are infected, and when that happens, you just need to make sure that your security technology protects you.”
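The sender, link and attachment checks listed above (and the script-carrying attachment described in the "Robin Hood" lure) can be turned into a quick triage script. The following is an added example, not part of the original notice or any vendor's product; the sample message, its example.* domains and the list of script-capable file types are constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Attachment types that can carry a script the user is tricked into running.
# Constructed for this example; not an exhaustive list.
RISKY_EXTENSIONS = {".js", ".vbs", ".hta", ".ps1", ".docm", ".xlsm", ".scr", ".exe"}

# Constructed sample message mirroring the "help the less fortunate" lure style.
SAMPLE_EMAIL = """\
From: City Relief Fund <donate@city-relief.example.org>
Reply-To: claims@mailer-helper.example.net
Subject: Help feed local families before Friday
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Please review the attached list and <a href="http://login.example.net/verify">sign in at city-relief.example.org</a>.</p>
--b1
Content-Type: application/octet-stream; name="families.docm"
Content-Disposition: attachment; filename="families.docm"

ZmFrZQ==
--b1--
"""

def _domain(header_value):
    """Return the lower-cased domain part of an address header, or ''."""
    m = re.search(r"@([\w.-]+)", header_value or "")
    return m.group(1).lower() if m else ""

def check_message(raw):
    """Run the three checks from the notice and return a list of findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:  # 1. origin of the sender
        findings.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":  # 2. links in the message
            for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', part.get_content(), re.I | re.S):
                link_dom = (urlparse(href).hostname or "").lower()
                shown = re.search(r"[\w.-]+\.[a-z]{2,}", text, re.I)
                if shown and shown.group(0).lower() != link_dom:
                    findings.append(f"link text names {shown.group(0)} but points to {link_dom}")
        name = part.get_filename()  # 3. script-capable attachments
        if name and "." in name and ("." + name.rsplit(".", 1)[-1]).lower() in RISKY_EXTENSIONS:
            findings.append(f"attachment {name} has a script-capable type")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE_EMAIL):
        print("WARNING:", finding)
```

Such a check is a first filter only; as the text says, a message that passes it still needs anti-ransomware protection behind the user.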

D: Disconnect the infected systems
Ransomware often spreads itself across the network of the infected computers. That is why organizations that want to mitigate the consequences of ransomware need to disconnect the infected computers as soon as possible. In his “Ransomware Hostage Rescue Manual,” Adam Alessandrini suggests the following technique: “Immediately disconnect the infected computer from any network it is on. Turn off any wireless capabilities such as Wi-Fi or Bluetooth. Unplug any storage devices such as USB or external hard drives. Do not erase anything or “clean up” any files or antivirus. This is important for later steps. Simply unplug the computer from the network and any other storage devices.”

Image: entrance to the Baltimore Department of Finance and Revenue Collections, with a "systems all down" notice on the door.