Despite better security solutions now available to combat ransomware, old and new strains are still being used to great effect. The latest report from Bleeping Computer focuses on the “Ryuk” ransomware, which is being used by a group in Eastern Europe to attack municipalities in North America. Borrowing code from the previously seen “Hermes” malware, attributed to the North Korean hacker group Lazarus, the Ryuk strain is hitting smaller government offices, communities and enterprises quite successfully. In this case, Jackson County ended up having to pay the attackers USD$400,000.
There is a reason hackers are hitting these municipalities and smaller offices. The effects of these ransomware attacks can be enormous, especially for government organizations: they reduce activities to a crawl, wreak havoc on government services, and still cost the organizations a ransom in exchange for decryption keys. As noted in the article, Jackson County, Georgia was hit, forcing county offices to revert to paper to do their jobs and slowing operations to a snail’s pace.
Because the county did not have a backup system in place, it had two options. It could take a huge operational hit and be offline for a long period, spending money to rebuild its networks and hopefully incorporate a much-needed data backup policy and network security system, or it could pay the $400,000 ransom, which it ended up doing.
Unfortunately, Jackson County was not the only victim of this new Ryuk ransomware. Major newspapers in the US, whose printing and delivery were greatly affected by attacks in December of 2018, were not immune either. Those hit include some major publications, such as the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune and Baltimore Sun, to name a few.
However, Jackson County exemplifies the case of small organizations such as municipalities, which continually have to cut costs to the extent that resources are always scarce. The question facing their CIOs is what sort of solutions could be put in place to battle these attacks and to ensure they will not be affected again.
Wedge’s position is that even if they had the resources to implement a proper data backup and maintenance program, these organizations need to put in place a real-time solution like Wedge Advanced Malware Blocker (WedgeAMB), where ransomware attacks could be detected and blocked before they have a chance to even enter the organizations’ networks. The reasoning is simple: ransomware’s approach today is to encrypt an organization’s resources, but it is easy to paint the picture that in the future, exfiltration of data OUTSIDE the organization is the next step of ransomware’s evolution. You heard it here first!
With its Deep Content Inspection technology, combined with AI algorithms and multiple malware databases, WedgeAMB can see the content in real time and block ANY content that is deemed malicious before it has a chance to do any damage. Having such a system in place would definitely have prevented attacks such as the ones perpetrated on Jackson County and the various newspapers.
So we argue that prevention could be the cure, instead of relying on detection and expensive remediation. Out of our civic responsibility to our municipalities out there, Wedge is offering its Wedge Advanced Malware Blocker FREE for 90 days. Email our team at firstname.lastname@example.org to see how your organization could benefit from a solution that can make ransomware attacks obsolete!