Ransomware has quickly become one of the biggest security threats organizations face. It was so rampant in 2017 that seven out of 10 companies reported that their security risk increased significantly that year because of ransomware outbreaks.
And what will you do if disaster strikes your organization and shuts your entire computer system down? The employees in this government office in Alaska did the best thing they could – they brought out their typewriters, calculators, and even good old-fashioned pen and paper!
But was this a run-of-the-mill ransomware attack or something more deliberate? Read on to learn how this newly discovered malware is shutting down municipalities across the country.
Two large municipalities in Alaska are still trying to recover from a major cyberattack that has crippled government office computer systems since early last week.
The systems of the Borough of Matanuska-Susitna (Mat-Su, for short) and the city of Valdez were both devastated by ransomware, believed to be a CryptoLocker-style file encryptor (the CryptoLocker name is now used loosely for almost any ransomware that encrypts files), which knocked their computer networks down.
In Mat-Su’s case, the entire system, from email and accounting down to its electronic door key-card network, had to be shut down because of the infection. More than 650 Mat-Su computers and servers are disabled for now while they are rebuilt and scrubbed clean of the malware.
Mat-Su goes retro
But the show must go on, as they say, so the Borough employees went totally old-school – they busted out old typewriters from closets and manually wrote receipts with pen and paper. Relying on Reagan-era equipment is hard work but it seems to be working for now.
“We have a manual system in place. We’re handwriting tickets,” public works director Terry Dolan told Anchorage Daily News. “It’s going about as well as can be expected.”
The Borough is rebuilding its entire computer system, but it may take up to three weeks before normal operations resume. Thankfully, most of its data can be restored from its multi-tiered backups.
The Borough also said that credit card data was stored on a separate system and it was not affected by the malware attack.
Malware fought back
The Mat-Su Borough first noticed signs of a malware infection on July 17, when the Borough’s antivirus software began detecting an unusual trojan on its Windows 7 machines. The antivirus software tried to delete the malware, but some of its components survived the cleanup.
The Borough’s IT department then deployed a script on July 23 in an attempt to remove the remaining components. All user and admin passwords were forcibly reset the same day to stop the infection from spreading further and to cut off any intruder using stolen credentials.
Now here’s the scary part. These actions apparently triggered the malware to fight back, either through built-in automation or under remote control by the attackers, and it unleashed its CryptoLocker component on Mat-Su’s whole network. This is exactly why incident responders prefer to isolate infected machines and preserve evidence before a visible cleanup: a remediation script and a mass password reset tell an attacker who still has access that they have been found.
The malware’s retaliation was swift – the ransomware encrypted and locked the files on all 500 of Mat-Su’s workstations and 120 of its 150 servers. The Borough had no choice but to take its whole network offline and inform the FBI of what had just happened.
How it all started
Mat-Su’s IT Director Eric Wyatt noted that the hackers may have planted the seeds of the attack months before the discovery.
“This attack appears to have been lying dormant and/or undiscovered within our network since as early as May 3rd,” Wyatt revealed in a report.
He also suspects that an employee may have opened a malicious attachment or clicked on a poisoned link that introduced the malware to their network. He’s not laying the blame on his fellow Mat-Su employees, however.
“Even if we find the person initially that was fooled by this phishing attack, this is not finger-pointing whatsoever,” Wyatt told Anchorage Daily News. “The only people to blame for this is the people that wrote this virus.”
A multi-pronged attack
Wyatt describes this incident as a “multi-pronged, multi-vectored attack,” meaning the malware was not a single program but a bundle of components: a banking trojan, a “time bomb,” a killswitch, and of course the CryptoLocker ransomware. He also suspects that an external attacker may have logged in to the network remotely.
Wyatt also wrote in his report that this was a zero-day attack. He uses the term in the sense that the malware was new and not yet included in the antivirus software’s definitions, which explains why the antivirus failed to remove it entirely. (Strictly speaking, “zero-day” refers to an exploited vulnerability that the vendor has had zero days to patch; what Mat-Su saw is better described as previously unseen malware that signature-based antivirus could not fully recognize.)
Is this incident a part of a larger campaign? Well, Wyatt said the Mat-Su incident matches the attacks on multiple sites across the U.S., including the similar situation in the nearby city of Valdez.
Could it be a smokescreen?
The timing of the CryptoLocker deployment on Mat-Su’s systems is interesting: the encryption was triggered only after the Borough had discovered the infection and begun cleaning it up.
Could the ransomware simply be a smokescreen for the campaign’s real purpose? Wyatt thinks so. In his view, the goal of the entire attack is not financial gain but massive disruption.
Protect yourself from costly cyberattacks
It’s now clear that ransomware is becoming the hackers’ go-to choice. Whether you’re aiming to protect yourself, your family or even your business, you need a solid plan of action. That’s why it’s critical that you follow these steps.
- Stop ransomware at a distance: Your best option is to keep it off your computers in the first place. Keeping your operating system and web browser up to date is critical. Unpatched vulnerabilities in either can let attackers run code on your machine without you opening anything, bypassing your security software entirely. Learn how to install the latest updates for Windows and how to harden your web browser.
- Stop ransomware before it runs: If a malicious attachment or link lands in your inbox, the game is not over; the malware still needs you to run it. Don’t open attachments you weren’t expecting, treat any document that asks you to “enable content” or macros as hostile, and don’t click links that look suspicious. The Mat-Su infection most likely started with exactly that kind of phishing email.
- Have solid online security protection: This is a no-brainer. If you use the internet, you need reputable security software that is kept up to date. But don’t rely on it alone: Mat-Su’s antivirus saw the trojan and still could not remove all of it, because the samples were too new to be in its definitions.
- Have a backup plan: This is the best way to recover your critical data once you are infected. Keep at least one copy offline or otherwise unreachable from your network (ransomware that can reach a backup share will encrypt it along with everything else), keep older versions rather than overwriting the only copy, and test a restore before you need it. Mat-Su’s multi-tiered backups are the reason most of its data can be recovered.
Bonus: Backing up your critical files is important with all the digital threats we face. We recommend our sponsor, IDrive, for fast and reliable cloud backups.
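To make the backup advice concrete, here is an added example (not tooling from the Borough or from this article) of a pre-restore check: a Python script that compares a backup snapshot against a manifest of file hashes, plus a few canary files, recorded when the data was known clean, and flags files that have changed and now look like ciphertext. All file names and contents are constructed for the demo, the “encryption” routine is a stand-in keystream rather than the real malware, and the ENTROPY_THRESHOLD value is an assumption; none of it is recovered from the Mat-Su incident.

```python
"""Pre-restore backup check (added example, not the Borough's tooling).

Ransomware that reaches a backup tier overwrites files with ciphertext, which
has near-maximal byte entropy, and usually drops ransom notes or renames files.
Before restoring, compare a snapshot against a manifest (hashes plus canary
files) recorded when the data was known clean. A file that changed AND looks
like ciphertext is flagged; a legitimately high-entropy file (archive, image)
is not, because its hash still matches the manifest.
"""
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits/byte (assumed); ciphertext sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Empirical byte entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict, canaries: set) -> dict:
    """Record hash and canary flag for every file in a known-clean file set."""
    return {p: {"sha256": sha256(d), "canary": p in canaries} for p, d in files.items()}


def check_snapshot(snapshot: dict, manifest: dict) -> dict:
    """Classify every path in a backup snapshot against the clean manifest."""
    f = {"ok": [], "changed": [], "suspect": [], "missing": [],
         "canary_tripped": [], "unknown": []}
    for path, entry in manifest.items():
        data = snapshot.get(path)
        if data is None:
            f["missing"].append(path)                 # deleted or renamed away
            if entry["canary"]:
                f["canary_tripped"].append(path)
            continue
        if sha256(data) == entry["sha256"]:
            f["ok"].append(path)                      # unchanged, even if high-entropy
            continue
        if entry["canary"]:
            f["canary_tripped"].append(path)          # nobody should ever edit a canary
        if shannon_entropy(data) >= ENTROPY_THRESHOLD:
            f["suspect"].append(path)                 # changed and looks like ciphertext
        else:
            f["changed"].append(path)                 # ordinary edit since the manifest
    for path in sorted(p for p in snapshot if p not in manifest):
        f["unknown"].append(path)                     # ransom notes, re-extensioned files
        if shannon_entropy(snapshot[path]) >= ENTROPY_THRESHOLD:
            f["suspect"].append(path)
    return f


def is_restorable(findings: dict) -> bool:
    """Refuse a tier that shows any sign of encryption or canary tampering."""
    return not findings["suspect"] and not findings["canary_tripped"]


# ---- constructed sample data (not from the incident) -------------------------
def _keystream(label: bytes, n: int) -> bytes:
    """Deterministic pseudo-random bytes from a SHA-256 counter (demo only)."""
    out, i = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(label + i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(out[:n])


def simulate_encrypt(data: bytes) -> bytes:
    """Stand-in for the ransomware's encryption: XOR with a demo keystream."""
    return bytes(a ^ b for a, b in zip(data, _keystream(b"demo-ransom-key", len(data))))


CLEAN = {
    "finance/ledger.csv": "".join(f"2018-07-{i % 28 + 1:02d},permit fee,{i * 25}\n"
                                  for i in range(300)).encode(),
    "docs/memo.txt": b"Meeting notes: door key-card vendor call moved to Thursday.\n",
    "photos/img001.jpg": _keystream(b"photo", 3000),  # stands in for compressed image data
    "_canary/do_not_touch.txt": b"canary - never edited by users\n" * 100,
}
MANIFEST = build_manifest(CLEAN, canaries={"_canary/do_not_touch.txt"})

OFFLINE_TIER = dict(CLEAN)      # cold copy taken before the infection

NETWORK_TIER = {                # nightly copy of a share the ransomware could reach
    "finance/ledger.csv.locked": simulate_encrypt(CLEAN["finance/ledger.csv"]),
    "docs/memo.txt": CLEAN["docs/memo.txt"] + b"Revised: moved again to Friday.\n",
    "photos/img001.jpg": CLEAN["photos/img001.jpg"],
    "_canary/do_not_touch.txt": simulate_encrypt(CLEAN["_canary/do_not_touch.txt"]),
    "README_TO_DECRYPT.txt": b"Your files are encrypted. Pay to recover them.\n",
}

if __name__ == "__main__":
    for name, tier in (("offline", OFFLINE_TIER), ("network", NETWORK_TIER)):
        r = check_snapshot(tier, MANIFEST)
        print(name, "restorable" if is_restorable(r) else "DO NOT RESTORE", r)
```

Run it and the offline tier is reported restorable while the network-reachable tier is refused: the ledger survives only as a high-entropy .locked file, the canary has been rewritten as ciphertext, and a ransom note shows up as an unknown file. Entropy alone would also flag the image, which is why a changed hash is required before a high-entropy file in the manifest counts as suspect.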