Ransomware Attack in New Mexico: A ‘Gut-Check’ for Local Government Entities

Ransomware Strikes New Mexico

On January 5, 2022, between midnight and 5:30 a.m., ransomware struck Bernalillo County in New Mexico. The Albuquerque Journal reported that the attack affected “a wide variety of county government operations. Most county buildings were closed,” which halted many of the county’s operations.

All Bernalillo County websites were offline as a result of the cyber attack, which made working with the public very difficult, but most concerning was the way the county-operated jail was affected. Government officials were unable to access cameras, which caused inmates to be temporarily limited to their cells. Inmates also had reduced access to telephones and tablets and were unable to have visitors. The facility was on lockdown for several days following the attack.

The Bernalillo County incident was not the first ransomware attack on a local government entity and certainly will not be the last. These ransomware attacks are frequent and not only disrupt government services but can also compromise data and have significant impacts on local communities.

Ransomware Attacks Targeting Local Government Entities

According to The Washington Post, in 2019 cybersecurity experts noticed a significant increase in ransomware attacks on municipalities, cities, and towns across the country, and these attacks continue to trend upward. Cyber criminals target local governments because these organizations often have limited personnel, equipment, budget, and resources to devote to cybersecurity.

The FBI has said that local government entities will continue to experience ransomware attacks, especially as “deployment and targeting tactics evolve, further endangering public health, safety, and resulting in significant financial liabilities.”

Is your City/State/Municipality Prepared?

Months later, Bernalillo County continues to feel the effects of this ransomware attack. This devastating attack certainly serves as a gut check for other local government entities. Are you prepared to withstand a ransomware attack? Do you have a data backup strategy in place? Are your employees adequately informed, and do they understand the risks and vulnerabilities?

ENSURE you are SECURE

Trinsio is a data backup solution that will ensure that your data is secure. As a Rubrik strategic partner, Trinsio offers top-of-the-line technology for a fraction of the cost. Trinsio understands that your small town is important to you and will help you first to understand your data and then to create a plan to protect it.

US Trucking and Logistics Companies Fall Prey to Ransomware Gangs

Cybersecurity is an ever-increasing necessity as ransomware attacks occur more frequently. Three companies, all part of the transportation and logistics industry, have experienced this in the past few months.

 

Transportation and Logistics ransomware attacks

On December 15, 2020, Forward Air, a trucking and logistics company located in Tennessee, was attacked by the ransomware group Hades, which resulted in a loss of revenue. This targeted attack left the company vulnerable to further data loss and affected both its operational and information technology systems. A note found on the company's computer screens threatened the total loss of its data unless it complied with the instructions to follow a link to a dark website. No ransom amount was included with the initial message, only a note that the link would provide further instructions. A week later the company's website was back up and it looked to be on its way to a recovery.

During that same month, another company, OmniTRAX, was attacked and had at least 70 GB stolen and leaked through a well-known leak site. OmniTRAX was the first US freight rail operator to be targeted by this kind of cyber attack. OmniTRAX, located in Colorado, also refused to comment on the scale of the attack; however, they will be implementing more cybersecurity measures to prevent future attacks.

DSC Logistics, located in Illinois, was also attacked in late January of this year. As with the previous companies, they did not comment on the effects of the attack. They did not pay the ransom demanded, as is apparent from the company being listed on a leak site. However, due to cybersecurity measures already in place, the attack did minimal damage to the company, with no data known to have been stolen. With “security practices and response measures” already in place, DSC Logistics was the most prepared for and least affected by a cyber attack (Tabak, 2021). Even so, they are also increasing their cybersecurity to prevent further damage.

 

Federal Bureau of Investigation taking steps to take down ransomware gangs

As is evident from the locations of these companies, the entire nation is susceptible to cyber and ransomware attacks. It is a growing concern, and one that our nation is taking steps to eliminate. The Federal Bureau of Investigation recently disrupted the activities of the well-known ransomware gang Emotet, which is responsible for millions of affected computers and hundreds of millions of dollars in damages. The FBI is currently working with private and public entities to stop Emotet from causing further destruction.

Along with ransomware gangs, individuals involved in these gangs are being investigated. Take Sebastien Vachon-Desjardins, a Canadian indicted in Florida. Based on the charges in the indictment, it is supposed that Desjardins has accumulated over $25 million from cyber crime.

The Department of Justice is also actively pursuing and investigating the ransomware gang NetWalker. NetWalker’s attacks have targeted several different entities, from hospitals to universities. The FBI has seized approximately $500,000 of their ransom payments. 

No one is completely safe from ransomware attacks, as is evident from these three examples. It is in your best interest to have security measures in place that will prevent damage to your company and yourself. Do your part by increasing your cybersecurity. If you are a victim of an attack, contact your local FBI authorities and file a report. Every recorded attack helps the effort to stop cyberattacks and ransomware gangs.

New CyberEdge Cyberthreat Defense Report Shows Scary Stats

CyberEdge Group, a well-known marketing and research firm with a focus on technology, recently came out with the newest CyberEdge Cyberthreat Defense Report (CDR). The report surveys large companies (500 or more employees) around the world and spans 19 different industries. It reports on the companies’ preparedness relative to the rest of the survey population and the cyberthreats they encountered throughout the year. The survey is fairly comprehensive and provides a good benchmark for measuring how businesses across the world are combating cybersecurity threats.

This year’s report confirmed the prevalence of ransomware and other cyberthreats and introduced new IT trends. Here are the top five insights from this year’s report:

1. In 2020, over one-third of the organizations surveyed by CyberEdge experienced more than 6 successful cyberattacks. 2020 saw the highest percent of organizations experiencing successful cyberattacks since 2015 (80.7%). 

While the trends in cyberattacks have been scary, never before have we seen these kinds of statistics. Let’s think about what this means: on average, over one-third of the organizations surveyed fell prey to a cyberattack every two months. With that magnitude of interruptions, cyberattacks are sure to be a serious hindrance to those businesses’ ability to create new value for themselves and their customers.

Additionally, we have seen an increase of 10 percent in the number of organizations who experienced a successful attack since 2015. With over 80 percent of those surveyed reporting that they experienced at least one attack in 2020, the chances of any business experiencing a cyberattack at least once during 2021 are only ever increasing.

2. 62% of organizations were victims of ransomware (this has been steadily rising since 2017). An increased number are paying the ransom demand, too (58% of victims, compared to 45% in 2019).

Lane Livingston, CTO and Co-Founder of Trinsio, said in a recent interview, “In today’s world there are a few things that will make or break your company, regardless of your size or industry. In addition to the list you are thinking about (key employee retention, brand and reputation, sales and marketing, customer retention), an often overlooked but potentially even more devastating source of disruption and destruction is cybersecurity.

“If your IP or critical data is exposed or encrypted and held for ransom (Ransomware), what’s the impact on your business? What if that data is irretrievably lost? Two critical facts: 1, According to DHS, every business will have a cybersecurity breach within the next two years. That is everyone. 2, 70%+ of all businesses who lost critical data in a data breach or data loss scenario will go out of business within 2 years. Prepare and plan or crash and burn.”

3. More organizations than ever are saying they are very likely to experience a cyberattack in the next year (69%). 

While the number of organizations that recognize that they are susceptible to cyberattacks has increased, it is still in question whether organizations are doing enough to turn that around. The CyberEdge CDR reported that the organizations surveyed saw lack of budget as a barrier that inhibited them from adequately defending against cyberthreats.

4. 85% of respondents said they wanted security products with machine learning and AI. 

Many of the other barriers that prevented adequate defense against cyberthreats (such as too much data to analyze and insufficient automation of threat detection and response processes) could be solved with Artificial Intelligence (AI). AI as a tool against ransomware has proved to be a great asset, and this new trend suggests that companies are beginning to see that. As the threats against us get smarter, so must we!

5. One of the biggest barriers in 2020 in cybersecurity remains the lack of available skilled professionals.

The highest ranked barrier to establishing effective cybersecurity defenses for 2020 was the lack of skilled personnel, with the next highest barrier being the low security awareness among employees. Until organizations can effectively increase the security awareness for their employees, they will be hard pressed to have an effective cybersecurity posture. As the saying goes, the chain is only as strong as its weakest link.


Joe Biden, Bill Gates, Elon Musk, Apple, Uber Twitter Accounts Hacked and Used in Bitcoin Scam

Yesterday between the hours of 4 and 7 pm, the Twitter accounts of several prominent people and companies, including Elon Musk, Bill Gates, Apple, Kanye West, and Barack Obama, were hacked. Each account tweeted a bitcoin scam, calling it a charitable act. The tweet sent from Bill Gates’s account said, “I am giving back to the community. All the bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.”

Twitter blocked several tweets as they became aware of them, but in some cases, the hacker group was able to publish more tweets with the same message because they remained in control of the accounts. To regain control, Twitter eventually had to disable large amounts of its services, including the ability for verified accounts to tweet, for several hours following the breach. During those 3 hours that the hackers remained in control of the accounts, the bitcoin wallets from the tweets received 300 transactions totaling $118,000.

Anonymous sources told Vice’s Motherboard that the hacker paid off an inside source to obtain access to Twitter’s internal system. However, in a tweet thread on Twitter’s support account providing updates on Twitter’s investigation of the incident, it was reported that Twitter detected what seemed to be a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

In a later tweet, they stated that they didn’t believe any passwords had been compromised and that resetting passwords was unnecessary. 

While this is the first reported incident in which hackers were able to get access to Twitter’s internal accounts and accounts of verified users, it is one of many successful social engineering attacks.

So how can you prevent this from happening to you? 

As your business’ weakest link, your employees should be able to recognize a social engineering attack and know how to react. This bitcoin scam is especially interesting because the social engineering happened on two levels. On one level, the 300 people who fell for the bitcoin scam could have prevented the loss of their savings by educating themselves about basic social engineering tactics. On another level, Twitter’s employees (if it was truly a phishing incident) may have been able to prevent this whole debacle if they had been better equipped to identify phishing attacks.

T-Mobile DDoS Attack Was Just a Network Issue

A tweet meant to spread misinformation sent much of the U.S. into a panic on Monday. A countrywide T-Mobile network outage was mistaken for a Distributed-Denial-of-Service attack when the Twitter account @YourAnonCentral, which claims to be affiliated with Anonymous, tweeted Monday about a major DDoS attack on the U.S. Included in the tweet was a world map claiming to show proof of the large DDoS attack on the U.S.

Marcus Hutchins, a former black hat hacker turned white hat and cyber researcher responsible for stopping the WannaCry ransomware attacks in 2017, along with other cyber researchers, proved these tweets false that same day. About the map, Hutchins said it “show[s] a random sample of global DDoS traffic badly plotted on a world map. It does not indicate an attack against the US, it lacks context to make any inferences at all (other than DDoS attacks are happening all day every day).”

https://twitter.com/MalwareTechBlog/status/1272647109833940992

Other false reports of major outages with other services added to the confusion. Downdetector, a popular site for detecting outages, did detect outages for other major cellular carriers (Verizon, AT&T, Metro, Sprint, Consumer Cellular, US Cellular). However, Verizon assured DCD that its network was performing well: “We’re aware that another carrier is having network issues. Calls to and from that carrier may receive an error message. We understand Downdetector is falsely reporting Verizon network issues.”

AT&T also reported that its network was working properly.

https://twitter.com/ATTNEWS/status/1272642265056522242

Additional popular services were reported to be under attack, but researchers believe that this may be a consequence of T-Mobile users not being able to reach those services. Among those reported to be having problems were internet providers (Spectrum, Comcast, CenturyLink, Cox), social media platforms (Facebook, Instagram, Twitter, Snapchat), gaming services (Fortnite, Roblox, Call of Duty, Steam, Xbox Live, Playstation Network), streaming services (Netflix, Hulu, HBO Now, Twitch), banks (Chase Bank, Bank of America), and other major services (Doordash, Google, Zoom).

https://twitter.com/MalwareTechBlog/status/1272656800400044032

T-Mobile was able to fix what turned out to be a routing issue by 11 pm Monday evening. T-Mobile’s President of Technology Neville Ray tweeted an apology, with a promise that improvements were made to prevent future events like this.

Even though the panic of Twitter users turned out to be for nothing, this false alarm raises the question: what would have happened if such a large-scale DDoS attack had been real?

Many of the reported issues were with services that have become staples to businesses and individuals during this pandemic. Without telecommunication and technology services available, would people know how to survive? Events like this should be a wakeup call to organizations, to review and update their disaster recovery plans, or to create one if they don’t have an existing plan. On this blog, we have focused mainly on ransomware and how to recover from a ransomware attack, but a disaster recovery plan should cover all types of cyber threats, including DDoS attacks.

If your company does not have a disaster recovery plan for DDoS attacks (whether pointed at your organization or the services you use), try asking yourselves questions similar to these: Does your organization have a plan in place if you were to lose cell or internet service? What are your organization’s next steps in the event of a DDoS attack to get your services back up? Have you talked to your service providers about services or tools that can help? Do you have locally backed-up copies of mission-critical data? While creating a disaster recovery plan is time consuming, it will always be worth it.

I’ve Been Hit by Ransomware… What Now?

In an article titled “Best practices to remediate a ransomware attack” published through Business & Finance, Filip Verloy, Field CTO EMEA of Rubrik, says, “As the use of remote working rises, so do potential threats and vulnerabilities, especially within a smaller business which might not have stringent home working security measures in place. People have been forced to adopt new ways of working at an accelerated pace.” Verloy states the importance of protecting your company from cyberattacks that could come as a result of remote working. He advises every company to “create a ‘work from home guide’ for employees, explain which tools are ok, what basic security measures are expected, and who is responsible for implementing them.”

The FBI has estimated that ransomware will be a $1 billion market in 2021. If a company or organization is not prepared, it may feel that paying the ransom is its only option. The recovery process can be very difficult because it is expensive and there is no guarantee you’ll get all your files back. Waiting until you fall victim to a cyberattack to develop a data recovery plan is not effective and can be detrimental to your business. It is important to decide now on a backup and recovery solution to ensure your data is secure.

Business & Finance published “Best practices to remediate a ransomware attack” to help you develop your ransomware remediation plan just in case an attack occurs.

You Have Been Hit by Ransomware – What Now?

1. Isolate the infected station from the network.

This is done to prevent the infection from spreading to other devices. Disconnect the network cable, WiFi, USB devices, etc., and turn off the power to the affected devices to try to contain the damage.

2. Ensure backups have not been compromised.

Be sure backup data is not in read/write mode, because writable backup data can be manipulated or deleted by the attacker.

3. Identify the infection.

Ask yourself the following questions: What kind of ransomware are you facing? How did it enter your system? Phishing scam? Stolen user credentials?

4. Determine your options.

There are several options available as you try to recover from an attack: pay the ransom, try to remove the malware, or recover from backups. Unfortunately, paying a ransom does not guarantee the recovery of all your data, and may encourage the attacker further because their attack was successful. Trying to remove the malware has become increasingly difficult as ransomware has become more sophisticated and mutates frequently. If you have a robust backup system, you should be able to restore all data from the most recent backup without paying the ransom.

After you have taken these steps, be sure to notify your team, discover which files are corrupted, restore your files, and inform law enforcement, customers, and other authorities. 
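Steps 2 and 4 above both depend on knowing that the backups are intact before you restore from them. The following Python code is an added example, not code from the article or from any vendor it mentions: it checks a backup directory against a SHA-256 manifest and flags files that are writable, changed after the suspected compromise, missing, or unexpected. The manifest format, directory layout, file names and timestamp are all constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH
INFECTED_SINCE = 1_700_000_000  # constructed epoch time of the earliest suspected compromise


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backup archives need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_backups(backup_dir, manifest, infected_since):
    """Return {relative_path: [findings]} for every file that is not clean.

    manifest: {relative_path: sha256_hex}, recorded when the backup was taken
              and assumed to be stored where infected hosts cannot write.
    infected_since: epoch seconds of the earliest suspected compromise.
    """
    root = Path(backup_dir)
    on_disk = {p.relative_to(root).as_posix(): p
               for p in root.rglob("*") if p.is_file()}
    findings = {}

    for rel, expected in manifest.items():
        path = on_disk.get(rel)
        if path is None:
            findings[rel] = ["missing"]
            continue
        info = path.stat()
        problems = []
        if sha256_file(path) != expected:
            problems.append("hash mismatch")
        if info.st_mode & WRITE_BITS:
            problems.append("writable")  # step 2: backup data left in read/write mode
        if info.st_mtime >= infected_since:
            problems.append("modified after compromise")
        if problems:
            findings[rel] = problems

    # Files the backup job never wrote (ransom notes, renamed copies) are suspect too.
    for rel in sorted(set(on_disk) - set(manifest)):
        findings[rel] = ["not in manifest"]
    return findings


def build_demo():
    """Build a constructed backup tree: one clean file, one tampered, one deleted, one planted."""
    root = Path(tempfile.mkdtemp(prefix="backup_audit_"))
    clean = b"nightly database dump"
    manifest = {
        "db/nightly.dump": sha256_bytes(clean),
        "files/shares.tar": sha256_bytes(b"file share archive"),
        # Listed in the manifest but never written below: simulates a deleted backup.
        "config/routers.bak": sha256_bytes(b"router configuration"),
    }
    before, after = INFECTED_SINCE - 86400, INFECTED_SINCE + 3600

    def put(rel, data, mode, mtime):
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        os.chmod(path, mode)
        os.utime(path, (mtime, mtime))

    put("db/nightly.dump", clean, 0o440, before)
    put("files/shares.tar", b"overwritten by attacker", 0o640, after)
    put("files/HOW_TO_RECOVER.txt", b"constructed ransom note", 0o644, after)
    return root, manifest


if __name__ == "__main__":
    demo_dir, demo_manifest = build_demo()
    report = audit_backups(demo_dir, demo_manifest, INFECTED_SINCE)
    for rel, problems in sorted(report.items()):
        print(f"{rel}: {', '.join(problems)}")
```

Only restore from files that come back with no findings; file permission bits are a weaker control than the immutable storage the article recommends, so treat a clean result as necessary rather than sufficient.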

How to Prepare

One of the best ways to prepare for a ransomware attack is to make sure your data is backed up in multiple places. Joel Witts with Expert Insights said, “In the event of a ransomware attack, backing up data means you will be able to mitigate the loss of any encrypted files and regain functionality of systems.”

Trinsio offers full-featured, Rubrik-powered data management with global searchability, instant recovery, and data immutability. We also offer local and cloud data replication to be sure your data is secure. With more than 30 years of experience in cloud, data center colocation, and communications, Trinsio can provide you with a solution you can trust.

The Top Cybersecurity Concerns for the Upcoming Elections

2020 has not been our year. We won’t air out its dirty laundry, but we all can remember the events that have plagued these first 6 months, with the Coronavirus Pandemic taking the cake. Across the internet, users are wondering “What is coming next?” The Coronavirus seems to have ruined all of our 2020 plans, including future plans, like large wedding celebrations, summer vacations, and now the 2020 elections.

Heightened Security Concerns with 2020 Elections

Election officials are concerned about the cybersecurity of the upcoming elections, given the entirely new and unplanned circumstances we’ve found ourselves in. Close to 1 billion dollars has been poured into improving security measures for the elections after the 2016 elections were affected by Russian hackers. However, despite the large sums of money that have been put into the increased security, the pandemic has raised new concerns that weren’t originally addressed in the security upgrade. For example, there are many new costs associated with voting facilities because of the pandemic: hand sanitizer and hand-washing stations, the shortage of space needed in current voting facilities to appropriately distance voters and poll workers, and an increase in the number of mail-in ballots. These extra costs are coming at the same time that budgets are imploding, and state and local governments do not have extra money available to fund them.

Additionally, officials are concerned about the security (or lack thereof) for new online registration portals, which many states have hastily built to help voters social distance. During the 2016 presidential elections, Russian military intelligence conducted cyberattacks against at least one U.S. voting software supplier and spear phished over 100 local election officials. Concerns are that these registration portals could contain security vulnerabilities because of the speed at which they were built. 

Increased Risk in Government Employees Being Spearphished

The Coronavirus has also increased the possibility of local voting officials falling victim to spearphishing attacks because of the number of government employees working from home. While working from home, employees do not have access to all of the safeguards provided at their offices. Beyond secure networks, less physical interaction with coworkers means less communication and more confusion, leaving them more vulnerable to mistaking spearphishing emails for legitimate ones.

Misinformation Campaigns on Social Media

Social media also presents similar security issues with the upcoming elections. Social media became an essential source of information for the 2016 elections and has become an even more central source of election news and information now because of the pandemic. Experts are saying that they expect to see (and have seen) misinformation campaigns closer to elections, set on confusing and swaying voters with incorrect information.

Most recently, famous blogger Marcus Hutchins reported on his Twitter account, MalwareTech, a case where an “Anonymous” group created a fake K-pop giveaway account to gain followers, only to change the profile and start tweeting about the Black Lives Matter movement. This is a great example of one of the ways that incorrect information can be spread over social media.

While election officials and security experts do have security concerns, as voters and citizens, we can educate ourselves about these issues. By educating ourselves, we minimize our chances of being defrauded by a well-crafted spearphishing attack and other cyber threats. The best defense is being aware and ready for attacks in the near future.

Durham City Wins The Battle Against Ransomware

On Friday, March 6th, the City of Durham and Durham County governments fell victim to a ransomware attack. A statement released on Sunday described the attack in more detail, explaining that it originated from a malicious email attachment and then spread across network servers. The effects of this attack could have been detrimental because there is very sensitive information held on their servers. Durham City responded to this attack as quickly as they could, taking networks and phones offline in an effort to minimize the damage.

Ransomware attacks on governments in the US rose 28% in 2018 from the previous year. This number is predicted to continue to rise. Not only has the number of ransomware attacks continued to increase, but so have the ransom amounts. In Riviera Beach, attackers demanded $600,000, and less than two weeks earlier, $500,000 from Lake City, Florida. According to Nathaniel Popper, “security experts said that even these numbers underestimate the true cost of ransomware attacks, which have disrupted factories and basic infrastructure and forced businesses to shut down.” The importance of having a plan in place to protect your data from malware cannot be overstated.

Luckily, Durham City had installed Rubrik technology and was prepared for this kind of attack. Leaders of the city say that they are hoping to have all their systems completely up and running in several days. Kerry Goode, the CEO and Director of Technology Solutions, said Rubrik technology “is one of the leading backup systems you can purchase” and that they decided they needed to have it because “it was a backup system that could not be consumed by ransomware.”

Trinsio offers great protection including immutability for ransomware and end-to-end encryption. We know how critical your data and network are to you and your citizens because we are your citizens. That is why we partner with Rubrik, to bring stability and security to your organization so you can rest easy, despite the odds.

The Coronavirus + Your Business

As the number of people infected by the Coronavirus grows in the US, more local governments and businesses are taking action to prevent contracting the virus. Eight states, including Utah, have declared a state of emergency. Governor Herbert said about declaring a state of emergency: “Making this declaration simply opens up resources for Utahns and allows us in government to focus as seriously as possible on being prepared.”

Meanwhile, individuals are taking to the internet, preparing by doing their own research, watching Contagion (it’s okay, we did it, too) and buying face masks (even though the CDC says only the sick need to wear them). But what are businesses doing to prepare for the virus and how will it affect them?

Quarantined Consumers Versus the Internet

For businesses, the effect of the virus goes beyond employees asking for sick leave or working from home. Some companies such as Twitter, LinkedIn, and Microsoft (altogether 75,000 employees working from home in the US) have already asked employees to work from home. Meetings and conferences are already being cancelled or delayed until the summer, like Rubrik Forward, which just made the decision to cancel all physical events and make the conference digital instead.

However, a more drastic change for businesses will be the shift in customer preferences as their customers work from home. As more customers begin to use services from home, they will be more reliant on internet services, and connectivity will become more important to them. Security incidents will be harshly critiqued, and loss of service, even for short periods of time, will be enough to convince customers to look for more stable options.

“Businesses who are inadequately prepared won’t be able to live through cyber breaches as consumers become more dependent on reliable internet services while working from home,” says Lane Livingston, CTO of Trinsio. “Businesses need to prepare now for the shift in consumer preferences forced by the Coronavirus.”

And to add an extra challenge, as customers become more intolerant of service interruptions, scammers and spammers are taking advantage of the ignorance, misinformation, and fear of citizens. The internet has seen an increase in scams related to the Coronavirus, asking people to donate, buy supplies, or click on links to see updated lists of infected cities, etc., some even impersonating the CDC to add legitimacy to their messages. So while your customers are on you for service interruptions, malware operators are working double time to wreak havoc on your business and provide your customers with more reasons to leave. 

Steps Your Business Should Take

While problems seem to be coming at you from both sides, what can you be doing to protect your business from the consequences? Here are five things you can do now to keep your consumers happy and the hackers at bay.

1. Use a good spam filter. A good spam filter will prevent a lot of the malicious mail from even getting to your mailbox, giving you a lower chance of clicking on something malicious. 

2. Train employees. A spam filter will not catch everything, so it is important that employees are aware of what to look for in malicious email. 

3. Set up antivirus software and a firewall. In information security, the more layers between your company’s information and the hacker, the better. 

4. Keep software and hardware up to date. Updated software and hardware will have the fewest known bugs, giving hackers fewer opportunities to worm their way into your systems.

5. Back up, Back up, Back up. Having a good backup system is a crucial part of any IT infrastructure, so that when the other parts of your system fail, your business has something to lean back on. And with customer tolerances of down time decreasing, it is also crucial to have a backup system that you can recover from quickly, preventing unnecessary down time. 

To learn how you can try a state-of-the-art backup solution for free, visit our website, or call (385) 283 – 1810.

Education Sector at High Risk of Ransomware Attacks

According to CBS News, in January, a Michigan school district became one of the victims of a ransomware attack. Hackers seized control of its computer system, demanding $10,000 in bitcoin in order to release it. This attack “affected telephones, copiers and classroom technology.” As a result of the attack, several schools in the district were closed for a week so employees could attempt to resolve the problem. The Richmond Community Schools Superintendent explained that recovery of the data is a difficult process and they do not intend to pay the ransom. “There’s no guarantee we’ll get [the server files] back, and we don’t know if that’s $10,000 for each file or each server that they’ve taken.”

Education is one of the most targeted sectors for ransomware. One reason educational organizations are at such high risk is the valuable information they store. They have social security numbers, banking information, credit card numbers, birthdates, and other personal information. In addition, this information does not just come from students, but from all employees and parents. Another reason the education sector is targeted is that its IT equipment is typically not state of the art. School districts have budgetary constraints that make it difficult to fund IT security investments.

According to a study done by Emsisoft Malware Lab, in 2019, the United States was hit by a myriad of ransomware attacks “that impacted at least 966 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.” That number is astounding. Of these attacks, 89 were on educational establishments, potentially affecting 1,233 individual schools. These numbers demonstrate the severity of the issue and reiterate the need for a data backup and recovery plan.

Trinsio knows how valuable your data is to the success of your organizations, and we are dedicated to helping you conquer the odds against you. That is why we partner with Rubrik, to bring to you the best in cloud data management.