What makes these attacks even more galling is that they may have been caused by a tool stolen from the National Security Agency.
What Is the Scope of this Ransomware Attack?
In recent months, cities including Albany, Baltimore, Cleveland, San Antonio and many others fell victim to ransomware attacks that held data and systems hostage. Hackers asked for bitcoin payments in order to release the affected systems.
Institutions pay a steep price in these attacks. For example, the Allentown, Pennsylvania, attack in February 2018 shut down key city services for weeks and cost $1 million to fix plus an additional $420,000 annually for new security tools.
The consequences in Baltimore have been disastrous. Two weeks after the May 7 attack, 10,000 city computers remained frozen, up to 300 real estate transactions were postponed and bills could not be issued.
What Is the NSA’s Role in this Wave of Attacks?
The New York Times broke the news that the attacks on Baltimore and elsewhere were the result of a stolen NSA tool called EternalBlue. The tech, stolen by state hackers in China, North Korea and Russia, has allowed bad actors to carry out a wide swath of disruption and damage worldwide. Perhaps the most notable example is the WannaCry attack that infected computers worldwide, all based on the EternalBlue vulnerability.
RobbinHood, a ransomware strain tied to EternalBlue, is suspected in the Baltimore attack. However, NSA officials, who have spoken little about the attacks or the EternalBlue leak, have denied that EternalBlue was used in the Baltimore attack.
How Did Baltimore Respond?
Even in late June, Baltimore continued to struggle. City officials don’t know when systems will be restored, payments to contractors are delayed and officials have asked for a federal emergency and disaster declaration.
The city also refuses to pay the $100,000 ransom. The attacks have caused at least $18 million in recovery expenses and lost productivity.
Who Is Most Vulnerable to these Attacks?
Luis Alvarez, president of Alvarez Technology Group, believes that health care providers are particularly vulnerable to these attacks. “Hospitals are a particularly favorite target because they have so much data to be exploited,” he said in a recent interview. “The bad guys know that organizations like hospitals are required by law to have access to patient information. If hackers encrypt that information, hospitals have no other way of recovering other than paying the ransom.”
What Can Companies, Cities and Organizations Do?
The most critical takeaway in these attacks is the importance of having a comprehensive security strategy in place. City IT officials had warned that Baltimore’s networks were outdated and vulnerable to attacks.
Security plans must include regular patching of software, network monitoring, anti-spam and anti-phishing protection, and regular assessments to identify system vulnerabilities and solutions.
Alvarez Technology Group offers comprehensive security assessments and solutions to businesses and agencies. To learn more about how the leading IT managed services and security company can keep your organization protected, schedule an initial consultation today.