In August 2017 a ransomware attack on several Scottish hospitals hit the headlines. This was followed by small-town sheriff departments being hit in the US. The culprit was BitPaymer. A year has passed, but have lessons been learnt?
Sadly, it seems not. A borough and a town in Alaska (Matanuska-Susitna or Mat-Su) have been hit hard by a ransomware attack, which forced officials to think quickly to keep departments open. Grabbing typewriters and creating handwritten receipts, they managed to keep things flowing.
The services that were hit included pool, libraries, animal care, landfill, collections, as well as several web services such as e-commerce. The Mat-Su government did comment that “most data” was not lost to the attack.
However, nearly all 500 workstations and 120 out of 150 servers were affected. According to the report into the event, this was a zero-day attack, meaning these ransomware exploits had never been seen before.
“Without computers and files, Borough employees acted resourcefully. They re-enlisted typewriters from closets and wrote by hand receipts and lists of library book patrons and landfill fees at some of the 73 different buildings,” Public Affairs Director at Mat-Su Patty Sullivan wrote in a post last week.
The report showed that the ransomware had been dormant on the computers since as early as 3rd May, but the attack happened on 23rd July, when the crypto locker portion of the ransomware started encrypting the drives on the network.
What can be learnt from this recent attack?
Email is still the main entry point for ransomware deployment. Malicious emails can be disguised as invoices (PDF or Word files) or as invitations to click links to files stored on Dropbox.
We have covered email scams and how to spot them in another post, but here’s a quick reminder of how to protect yourself from attack:
- Keep antivirus up to date – most now have a ransomware element incorporated
- Double-check links in emails before you click on them
- Only open attachments from trusted sources; if you are not expecting an invoice, double-check who sent it
We hope you found these tips useful, but if you still have questions and would like to discuss security, please call us in the office on 01444 250404.