Another week, another state agency goes offline
Ransomware has now become a staple in the weekly news diet, as yet another attack made the headlines last week, temporarily crippling local governments throughout the state of Texas.
A total of 22 entities were reported to have been taken offline following the incident on Friday, believed to have been instigated by a “single threat actor,” according to the Texas Department of Information Resources (DIR).
The majority of those impacted were local governments, the DIR said, but state systems and networks remained unharmed. A DIR representative could not disclose details regarding the specific municipalities that had been affected.
While more than 25% of affected entities were back to business as of Tuesday this week, the latest incident has reaffirmed the lack of preventive strategy by local governments, and indeed the resurgence of ransomware across the US.
“These aren’t brand new threats,” said Adam Kujawa, director of Malwarebytes Labs, a cybersecurity firm that has been documenting the ebb and flow of ransomware, alongside other digital threats, over recent months.
“There are still people out there who think that it won’t happen to them.”
Despite calls for heightened digital vigilance, cybercriminals have continued to find holes in the defenses of both consumer and business targets, returning once more to the use of ransomware – a threat that was thought to be on the way out, replaced by an attacker’s preference for cryptominers and information-stealing trojans at the start of last year.
“Clearly, while we thought ransomware was under control, it’s not,” Kujawa said.
A recent report by Malwarebytes, dedicated strictly to ransomware and released earlier this month, speaks to Kujawa’s frustration with outdated software and a minimal focus on security – the building blocks for a ransomware infection.
Education, healthcare, and government are particularly at risk, the report states, with ransomware detections on business steadily increasing – a 365% rise from Q2 in 2018 to Q2 in 2019, with families Ryuk and Phobos making a noticeable mark over the last quarter, an 88% and 940%, respectively.
“Better return on investment, the fact that these exploits and tools exist and do such a good job at spreading these [ransomware families] around, an increase in use of manually attack ransomware, and all this coverage that the ransomware gets,” Kujawa said, further illustrating the multiple factors in an attacker’s choice to deploy ransomware over another tool in their arsenal.
“But I think, overall, the amount of ransomware that we’ve been seeing over the year, and past six years, has brought cybersecurity into the minds of people,” he added.
While the same attacks are being regurgitated, the US population – where ransomware detections are highest – does appear to be waking up, according to a survey commissioned by threat intelligence firm Anomali in July, which reveals how one in five Americans have experienced a ransomware attack on a personal device.
This is put in comparison to the FBI’s Internet Crime report, which states how there were 1,493 victims to ransomware across the US in 2018 – a threat less prominent when put next to the over 20,000 persons who fell victim to business email compromise (BEC) scams that same year.
However, whatever the threat, the Anomali survey reiterates the need for more political focus on digital threats, with 81% of the 2,000 adults saying that cybersecurity should be a priority for the US government.
More than 60% of Americans even supported a federal income tax increase to help government defend against cyber-attacks.
“Eventually a private effort to defend against it [digital threats] is no longer viable, and we’re going to see a bigger push for governments to offer protection,” Kujawa said.
“The last five years have been a buffet for cybercriminals.”
Research in May from Recorded Future states that only 169 ransomware incidents have impacted state and local governments since 2013.
The Washington Post reports how 200 state and local governments have been hit by ransomware in recent years.