A county government in Ohio was recently forced into a technological blackout after a ransomware attack shut down its entire IT infrastructure.
The breach began when an unsuspecting employee clicked on either a link or attachment in an email that, at first glance, seemed to be a legitimate source. Unfortunately, it was a phishing email, and the link or attachment released a virus into the system, affecting the county’s police force, county auditor’s office, and clerk of courts.
Licking County, with a population of more than 166,000, was forced to close down all of the phones and computers on its government network in order to stop the malware spreading.
According to local news station WBNS, the decision to lock down the county government’s IT infrastructure was made after officials found that more than one thousand PCs had already been infected.
All operations had to be handled manually for over a week. Information was written out by pen and paper, while the respective offices asked for citizens trying to contact them to visit the department in person.
The attack was confirmed to be ransomware, which encrypts files and holds information hostage until a ransom is paid to unlock the system. The details of the ransom were not revealed in this instance, but such cases are increasingly demand bitcoins, the digital currency system. A St. Louis public library was held up for $35,000 in bitcoins last month, the same week as a Texas police department refused to pay a $4,000 demand.
Licking County refused to pay the undisclosed fee, instead working to rebuild its system, a move that officials say was possible because of good backups and the quick system shutoff.
Don’t pay the ransom
The problem with paying ransoms should be obvious: You are relying on criminals to keep their word. There is no guarantee that your systems will be returned to normal, and even if it does, you could find yourself marked as a good target, vulnerable to repeat infection and extortion.
“These attacks will not stop,” Moshe Ben-Simon, co-founder and vice president of TrapX Security said last month, talking to Infosecurity Magazine. “If you pay them […] they have every incentive to come back and try to ransom your data again.”
Stopping the attacks from being effective can be straightforward if you know what to look out for. Ransomware relies on the user opening attachments or links from phishing emails. Discover how to spot attacks with the Phishing Staff Awareness eLearning Course