Ransomware attacks are on the rise. Depending on which security company you get your news from, the percentage increase from 2018 varies from 110% to a whopping 365% as reported by Malwarebytes Labs. Also important to note: attackers are going after government institutions in the US in a noticeable way. Since the start of 2019, there have been 22 documented attacks on city, county or state governments, including the high-profile incident in Baltimore which I wrote about back in May of this year which has thus far resulted in $18 million in remediation costs and lost revenue. Not to be outdone, the state of Texas can add new record to its list of big things: 23 local government organizations were attacked simultaneously in what is being called the largest coordinated ransomware attack against multiple government entities…so far.
What this means for you
Unless you happened to be served by one of the 23 unlucky institutions affected by this attack, this will be one more splash of water in our ongoing drink from the malware fire hose. Texas officials are keeping mum so far on who-what-where’s of the attack, but if I had to guess, someone got phished via email, gave up credentials, which led to the hackers being able to drop malware on critical systems that all went off on August 16th. Given the breadth of the attack, it’s likely the attackers have been working this particular set of targets for months, meaning it was organized and purposeful.
You might not have noticed this, but ransomware attacks had slipped to the background in 2017, but they are back with a vengeance and focused on businesses and government entities because the hackers realized deeper pockets are just as susceptible to ransomware, and are more likely to pay ransoms because they can’t afford to not pay, as seems to be painfully exemplified by Baltimore’s ongoing recovery. As always, your best protection against this type of malicious, technological pollution is a multi-layered defense perimeter that consists of at minimum: email filtering, workstation and server malware protection, a strong firewall, and cloud-based backups. If you can add employee training to that list, you will be much better protected than your neighbor or even the competition. And in case you were wondering where you might be able to cover all these bases with one call, just give us a ring.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
