Researchers at Kaspersky, a global cybersecurity solutions provider, observed that ransomware targeted at least 174 municipal institutions (with more than 3,000 subset organizations) in 2019, a 60% increase compared to 2018.
The firm’s “Kaspersky’s Security Bulletin: Story of the Year 2019” also found that actual costs and damages may be higher than the $5 million that threat actors “usually demand.”
According to Kaspersky, 2019 saw the rapid development of an earlier trend in which malware distributors target municipal organizations. Researchers note that while these targets might be less capable of paying a large ransom, they are more likely to agree to cybercriminals’ demands. Blocking any municipal service directly affects the welfare of citizens and results not only in financial losses but also in other socially significant and sensitive consequences.
Judging by publicly available information, the ransom amounts varied greatly, reaching up to $5.3 million and averaging more than $1 million. The researchers noted that these figures do not accurately represent the final costs of an attack, as the long-term consequences are far more devastating.
“One must always keep in mind that paying extortionists is a short-term solution which only encourages criminals and keeps them funded to quite possibly return,” said Fedor Sinitsyn, a security researcher at Kaspersky.
Sinitsyn also explained that once the city has been attacked, the whole infrastructure is compromised and requires an incident investigation and a thorough audit.
“This inevitably results in costs that are additional to ransom. At the same time, based on our observations, cities might sometimes be inclined to pay because they usually cover the cyber risks with the help of insurance and allocating budgets for incident response. However, a better approach would be also investing in proactive measures like proven security and backup solutions as well as a regular security audit.”
Kaspersky researchers name Ryuk, Purga, and Stop as the three most notorious malware families often used by threat actors.
Ryuk appeared on the threat landscape more than a year ago and has since been active all over the world, in both the public and private sectors. Its distribution model usually involves delivery via backdoor malware, which in turn spreads by means of phishing with a malicious attachment disguised as a financial document.
Purga malware has been known since 2016, yet only recently have municipalities been found to fall victim to this trojan, which uses various attack vectors, from phishing to brute-force attacks.
The Stop cryptor is relatively new, having appeared only a year ago. It propagates by hiding inside software installers. This malware has been popular, ranking No. 7 among the top 10 most popular cryptors of the third quarter of 2019.
“While the trend of attacks on municipalities is only growing, it can be stifled and nipped in the bud by adjusting the approach to cybersecurity and, what is more important, by the refusal to pay ransoms and broadcasting this decision as an official statement,” said Sinitsyn.
To avoid such malware infiltrating organizations, Kaspersky has the following recommendations:
- It is important to install all security updates as soon as they appear. Most cyberattacks are made possible by exploiting vulnerabilities that have already been reported and addressed, so installing the latest security updates lowers the chances of an attack.
- Protect remote access to corporate networks by VPN and use secure passwords for domain accounts.
- Always update your operating system to eliminate recent vulnerabilities and use a robust security solution with updated databases.
- Always have fresh backup copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device), and store them not only on a physical device but also in cloud storage for greater reliability.
- Remember that ransomware is a criminal offense. You shouldn’t pay a ransom. If you become a victim, report it to your local law enforcement agency. Try to find a decryptor on the internet first – some of them are available for free.
- Educating the staff in cybersecurity hygiene is necessary to prevent attacks from happening. Kaspersky Interactive Protection Simulation Games offer a special scenario for local public administration that is focused on threats relevant to them.
- Use an organizational security solution, such as Kaspersky Endpoint Security for Business, to protect business data from ransomware. The product has behavior detection, anomaly control and exploit prevention capabilities that detect known and unknown threats and prevent malicious activity.
- One can enhance their preferred third-party security solution with the free Kaspersky Anti-Ransomware Tool.