Two weeks after hackers took control of Baltimore’s city government servers with ransomware, online business remains at a standstill. The public can’t make online payments to various city departments and government workers can’t access emails. Hackers are demanding 13 Bitcoins, roughly $100,000, to free about 10,000 digitally seized computers. Baltimore Mayor Jack Young says the city won’t pay.
Last month, ransomware hackers also shut down city government servers in Greenville, NC. In March, Norwegian metal and power specialist Norsk Hydro was attacked, causing the company to shut down much of its industrial operations.
A new report finds that ransomware attacks are dropping, but at the same time they are becoming more sophisticated and costly. Last year, Atlanta refused to pay about $50,000 in Bitcoin to its attackers. Instead, the city wound up spending $17 million to fix its system.
Cybercriminals use custom coding and maximize opportunities
Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or when a user unknowingly visits an infected website.
Experts predict ransomware attacks will cost businesses alone nearly $11 billion this year. That’s way up from the $325 million reported in 2015.
Fortinet’s newly released “Global Threat Landscape Report” states that high-value targets such as city governments, hospitals, universities and large corporations are most at risk for a ransomware attack.
In addition, hackers are creating “increasingly sophisticated coded attacks” that tailor ransomware to whatever organization, institution or business they are attacking.
Cybercriminals also are using the same infrastructure to maximize attack opportunities. Fortinet’s report finds that nearly 60% of threats share the same domain. That means these dangerous ransomware hackers are getting into a system through a door other cybercriminals created earlier for other purposes.
Once ransomware hackers get into the system, they compromise it so it can start receiving malicious commands from the attackers’ servers. The attackers then have control over the system.
“This suggests infrastructure plays a particular role or function when used for malicious campaigns,” the report said.
How sophisticated are these new ransomware attacks?
When assessing how highly developed these attacks have become, think China or Russia.
“We, unfortunately, continue to see the cybercriminal community mirror the strategies and methodologies of nation-state actors, and the evolving devices and networks they are targeting,” said Phil Quade, Fortinet’s chief information security officer, in a press release.
Quade warns there are no easy fixes to stop these new kinds of ransomware attacks. He says organizations need to start treating cybersecurity more like a science and really understand the fundamentals of speed and connectivity to create a line of defense.
Using artificial intelligence (AI) strategically also can expand an organization’s protection.
“Leveraging machine learning and automation as the building blocks of AI can provide tremendous opportunity to force our adversaries back to square one,” Quade said.
A Fortinet blog delving deeper into the report states that “Security leaders need to understand what ransomware attacks are targeting — geography and vulnerabilities, prioritize patching, and establish backup, storage and recovery activities.”
That way, the blog continues, “Detecting and preventing ransomware is becoming more of a ‘game of choice’ rather than a ‘game of chance.’”
As for Baltimore, this isn’t the first ransomware attack the city has endured. Last year, a separate attack shut down the city’s 911 system for about a day.