Targeted Ransomware Increasing
Is targeted ransomware increasing? Over the past month, organizations reported several new ransomware attacks, but with an interesting twist. While criminals often spread ransomware to as many systems as possible, these attacks seem to target specific organizations. Could this be a new trend?
ONWASA Targeted Attack
Let’s start by looking at a few recent targeted attacks. Just two weeks ago, ransomware infected the Onslow Water and Sewer Authority (ONWASA) in North Carolina. Criminals targeted the organization because of the convenient timing and hoped to get a major payout.
First of all, the timing was critical. ONWASA services several military facilities and many residents, and Hurricane Florence had just passed through. After the storm, many residents needed the water supply turned back on or off, making this an easy time to strike.
ONWASA was not ready for a ransomware attack, so when the attack hit, it affected almost everything. They chose not to pay the ransom, which is generally the best choice, as you may not get your files back anyway. But now they must service 150,000 people manually until they can recover.
Attackers likely hoped this pressure would force ONWASA to pay their demands, especially since the organization would be busier after the hurricane. This is very common in ransomware. Attackers rely on pressure and time limits so that the organization is more likely to react emotionally and pay up.
West Haven, Connecticut
More targeted ransomware may have struck even as recently as last week. An attack hit the town of West Haven, Connecticut on 10/16, and encrypted 23 of city hall’s servers. The state’s cyber security chief, Art House, mentioned that attackers targeted several towns in Connecticut much the same way.
Evidently the city did not prepare for such attacks, as they were unable to contain the infection until much later the following day. Supposedly the attackers didn’t take any data, but the attack is still under investigation.
The city officials chose to pay the $2000 ransom demand, and are now recovering after making what they call a “one-time fee”. But meeting these ransom demands comes with risks, especially in cases like these. Criminals make note of those who pay ransoms, and are likely to target the city again in the future.
Ransomware Targeted Brewery
If that wasn’t enough, cyber criminals targeted a small brewery in Scotland last month. It all started when the brewery needed to fill a position and posted their job opening online. Without them knowing, the criminals shared this listing on numerous local and international job listing sites.
This of course led to many real applicants sending in their resumes. The HR staff simply believed a friend or colleague had shared the job offer. But mixed in with all the legitimate emails was a fake one, with ransomware disguised as a PDF resume.
Thinking the applications were all real, they opened the infected resume, which then encrypted their main server, local backups, and even online backups. They were only able to recover with their off-site backups, which were unfortunately about 3 months old.
So is targeted ransomware increasing?
Without more research, it is hard to know for sure. Many crooks still prefer to cast their net wide and try to infect as many systems as possible, but this has its limitations. Targeted attacks give a higher chance of success, and that may mean a better chance of being paid.
So now, many researchers believe that targeted attacks are increasing. Mark Stockley, writer for cyber security firm Sophos, says that these attacks are snowballing. Because the attacks are more specialized, they can be made more devastating to victims. And this makes victims more likely to pay the demands.
What can my business do?
Whether you’re looking to defend against the increasing ransomware or other targeted attacks, having adequate security is key. Making sure your system is difficult to break into makes attackers less likely to invest the time to attack your network. So make sure your perimeter is well defended and assessed regularly.
If attackers do make it through, you want to make things difficult for them within your network as well. Limiting user access to only what they actually need and monitoring activity within the network are great steps to take.
Need more help? Astria is ready and able to assist you. Want to see where your strengths and weaknesses lie? Our Vulnerability Assessments are a great help. Just need more info on cyber security? You can contact us for a consultation.
Whatever you may need, Astria is ready to help you avoid the headaches of the increasing targeted ransomware campaigns!