ransomware

Tag Archive

North Carolina: Two ‘Russian’ Ransomware Attacks Take Down Durham North Carolina City And County Government Systems | Davey Winder/Forbes

The same Russian ransomware that is thought to have been responsible for the City of New Orleans state of emergency last year has now struck Durham City and the County of Durham in North Carolina. As 2019 wound down to an end, the City of New Orleans was hit by a ransomware attack, thought to be attributable to Ryuk. That attack was severe enough for Mayor LaToya Cantrell to declare a state of emergency. Now the City of Durham and Durham County, in North Carolina, have had to shut down networks after being hit by the same Russian ransomware. The City of Durham and Durham County Government IT systems were subject to a successful cyber-attack late Friday evening, March 6. Malware detection systems kicked in to provide immediate notification of the attack, and networks were closed down to prevent further spread. The incident was described as a cyber malware attack, or rather “two separate attacks” at a press conference held by officials Monday, March 9. Thomas Bonfield, Durham City manager, said that while the malware had “been contained” and the city was in recovery mode, “most city networks and phones remain intentionally offline during the initial stages of the recovery process.” Bonfield said that the National Guard cybersecurity team was helping with the recovery effort. It should be noted, however, that critical public safety systems, including access to the 911 network, remained operational thanks to the emergency cyber-attack remediation process.

Full Article: Two ‘Russian’ Ransomware Attacks Take Down North Carolina City And County Government Systems.

North Carolina: Ransomware Attack Hits Durham North Carolina City, County Governments | Lucas Ropek/Government Technology

Hackers of “Russian” origin targeted the city and county governments of Durham, N.C., over the weekend, hampering computer and communications networks with ransomware, according to local officials. The attack, which used the infamous Ryuk malware strain typically spread through malicious attachments in phishing emails, was carried out late Friday by a Russian hacking group, according to the North Carolina State Bureau of Investigations, one of the agencies looking into the attack. On the heels of a year with a precipitous rise in ransomware attacks on state and local government, the incident is one of several to occur in the first few months of 2020 that show the trend does not seem to be slowing. City and county officials confirmed during a joint press conference Monday that the malware appears to have spread after internal employees clicked on infected emails.

Full Article: Ransomware Attack Hits North Carolina City, County Governments.

National: Ransomware top of mind for DHS cyber chief | Derek B. Johnson/FCW

The Department of Homeland Security’s cyber chief said his organization is trying to do more to address ransomware and other digital threats that directly touch the lives of citizens. Speaking at the RSA Conference in San Francisco, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs said his agency has stepped up efforts to proactively reach out to federal agencies, local governments, businesses and critical infrastructure managers about how to prepare and what to do if their data is encrypted and held ransom by criminals or state-aligned hacking groups. “For years and years and years, particularly in the federal government, we’ve been focused on the nation-state adversary, the highly capable, the big four: Russia, China, Iran [and] North Korea,” he said. “I think we’ve been a little bit late to the game on ransomware,” he said, adding, it’s what average Americans see “in their schools, their hospitals and their municipal agencies.” Krebs described CISA’s role as that of a middleman uniquely positioned to canvass all the major stakeholders in the cybersecurity ecosystem and “facilitate a knowledge transfer from the haves to the have-nots.” CISA can leverage the collective financial and human capital resources of the big fish — like major banks — and push that knowledge and awareness down the chain to the broader cybersecurity ecosystem.

Full Article: Ransomware top of mind for DHS cyber chief -- FCW.

Florida: Cyber experts: Public should have known about 2016 Palm Beach County elections ransomware | Hannah Morse/The Palm Beach Post

In the wake of the dispute over the cyber intrusion at the county elections office, The Palm Beach Post asked a series of security professionals to weigh in on the revelation of the Zepto virus exposure in September 2016. Is three years too long to learn that a ransomware attack happened at the Palm Beach County Supervisor of Elections Office? Yes, say cybersecurity and IT experts. “Not only should they report this, they should understand that just because everything seems normal it might not necessarily be,” said Silka Gonzalez, founder of ERMProtect in Coral Gables. “Even if a hacker is already inside your network and passively stealing your information everything in your workplace is going to look normal and ‘business as usual.’ These things don’t come with sirens and red lights.” The scrutiny over Zepto and its purported encroachment by an unknown entity through an elections office computer in the weeks before the 2016 presidential vote has been a source of controversy. This month, current Supervisor of Elections Wendy Sartory Link revealed the previously unknown cyber attack via a Zepto virus. The severity of the episode, however, has been disputed by her predecessor, Susan Bucher.

Full Article: Cyber experts: Public should have known about 2016 elections ransomware - News - The Palm Beach Post - West Palm Beach, FL.

Florida: Palm Beach County elections ransomware attack raises security questions | Anthony Man and Skyler Swisher/South Florida Sun-Sentinel

From Tallahassee to Washington, D.C., officials and citizens voiced concern Thursday over an until-now undisclosed ransomware attack on the Palm Beach County elections office during the 2016 election season. The bombshell disclosure about the attack came from Supervisor of Elections Wendy Sartory Link, who said Wednesday she learned in November about the ransomware attack. Link, who took office in January 2019, said some of the agency’s data was corrupted, but the problem apparently was corrected and didn’t affect the November 2016 elections. The picture was muddied by the response from Susan Bucher, the supervisor of elections at the time, who said it never happened. The current county elections chief said she wasn’t trying to alarm the public — but the disclosure heightened concerns for some, coming just five weeks before Florida’s presidential primary and the local government elections for 20 cities, towns and villages in Palm Beach County.

Full Article: Palm Beach County elections ransomware attack raises security questions - South Florida Sun-Sentinel.

Florida: DHS preparing report on 2016 Palm Beach election ransomware | David Smiley and Nicholas Nehamas/Miami Herald

Less than five weeks before Florida’s March presidential primary, the Department of Homeland Security is investigating a previously unreported cyber attack on Palm Beach County’s elections office, according to Supervisor of Elections Wendy Sartory Link. Link, who was appointed last year by the governor to oversee the county’s beleaguered elections department, said she contacted the FBI in November after a veteran IT employee told her that the office had been infected by a ransomware virus only a few weeks prior to the 2016 election. The virus was not publicly disclosed in 2016. Link said the FBI referred her to DHS, which sent a team of a half-dozen employees to her office late last month to do a “deep dive” into her department’s network. She said a report of their findings and recommendations is expected shortly. “We’ve had the top experts in the country here and they spent a lot of time with our system. When we get the report, we’ll be able to take care of everything we can take care of,” Link said in an interview Thursday. “I wanted this done before March if at all possible.”

Full Article: DHS preparing report on 2016 Palm Beach election ransomware | Miami Herald.

Florida: Palm Beach County elections office hit by ransomware before 2016 election | Hannah Morse/The Palm Beach Post

Current Palm Beach County elections supervisor Wendy Sartory Link said she recently learned about a 2016 ransomware attack at the elections office. Weeks before the 2016 election that would usher in Donald Trump as president, the Palm Beach County Supervisor of Elections Office was subject to a ransomware attack, elections supervisor Wendy Sartory Link told The Palm Beach Post on Wednesday. The attack more than three years ago happened while Susan Bucher was elections supervisor, but Link said she was unsure how the virus infiltrated the system. “We weren’t part of that, but have we been hacked in Palm Beach County? Yeah, we have,” Link said during an editorial board interview. But Link said she does not believe the ransomware attack against the county is one of the two Russian hacking attempts in Florida revealed in former Special Counsel Robert Mueller’s report last April.

Full Article: EXCLUSIVE: PBC elections office hit by ransomware before 2016 election - News - The Palm Beach Post - West Palm Beach, FL.

Wisconsin: Cities Still Recovering From January Cyberattacks | Miranda Suarez/Wisconsin Public Radio

Two Wisconsin cities are still recovering after they were hit with ransomware in January, and one state official predicts those kinds of attacks will only get worse in the future. Ransomware is a kind of cyberattack that locks governments or companies out of their data, usually demanding money in exchange for access. It often enters a system through phishing emails, which contain a shady link or attachment. Ransomware shut down internal computer systems, like email, in Oshkosh and Racine on Jan. 28 and Jan. 31, respectively. Oshkosh city spokesperson Emily Springstroh said the city is mostly back online, but they don’t know yet how the virus got in.

Full Article: Wisconsin Cities Still Recovering From January Cyberattacks | Wisconsin Public Radio.

Louisiana: Hacks on Louisiana Parishes Hint at Nightmare Election Scenario | Kartikay Mehrotra/Bloomberg

James Wroten called the clerk of court in Vernon Parish, Louisiana last November with an urgent message. The timing wasn’t convenient. The clerk, Jeffrey Skidmore, was relaxing on his back porch and hoping to soak in some final moments of quiet before state and local elections. Skidmore let the call go to voicemail. But Wroten, whose company manages IT services for small companies and local governments, persisted until Skidmore finally picked up. “He told me we’d been infected by ransomware and to ask all 14 of my employees not to go into the office or try to access any of their files,” said Skidmore. “I was stunned. We had an election in six days.” That call, Wroten later recalled, was the start of one of the worst weeks of his life. Hackers had infiltrated Wroten’s company, Need Computer Help. From there, the attackers used the connections Wroten’s employees need to do their job in order to breach the networks of Vernon Parish and six other local parishes, the Louisiana equivalent of counties. The attacks highlight how vulnerable local jurisdictions remain despite four years of efforts to shore up defenses in preparation for the 2020 presidential election.

Full Article: Hacks on Louisiana Parishes Hint at Nightmare Election Scenario.

National: Election officials are watching how their states respond to cyberattacks | Benjamin Freed/StateScoop

State election officials said Tuesday that they’ve been watching how their state governments have responded to incidents like ransomware attacks as lessons on what they would do if the voter registration databases, vote-total reporting systems and other components of election infrastructure that they manage were targeted. Though the ransomware incidents that have spread through state and local governments across the United States have largely spared election systems from the worst, debilitating effects, the Department of Homeland Security last year said that local officials could be targeted by viruses that lock them out of voter rolls unless they pay a financial demand. And at a conference in Washington hosted by the Election Assistance Commission, state officials said they are paying attention to the ransomware wave.

Full Article: Election officials are watching how their states respond to cyberattacks.

Louisiana: Cyber Attack Has Louisiana State Lawmakers Asking Questions | Chuck Smith/Red River Radio

The ransomware cyberattack that occurred two weeks ago on Louisiana’s state government computer servers disrupted several state agency operations and prompted Governor John Bel Edwards to declare a state of emergency. The state activated its cybersecurity response team following the ransomware attack on government servers, and according to a press release the state did not lose any data nor pay any ransom, and no personal data was compromised, as state cyber-experts explained the attack was aimed at disrupting state server operations only. The shut-down was to prevent any unauthorized access and allow tech teams to take necessary cyber-security measures. While inconvenient, the breach was nowhere near the worst-case scenario of widespread data theft or crippled government services for weeks or months. During a recent meeting of the Joint House and Senate Budget Committee, Republican Sen. Sharon Hewitt from Slidell praised the quick response from Louisiana’s technology services office to the Nov. 18th ransomware attack, but asked about potential vulnerabilities for future attacks.

Full Article: Cyber Attack Has Louisiana State Lawmakers Asking Questions | Red River Radio.

Louisiana: No data lost, no ransom paid in Louisiana cyber attack; Ardoin says no impact on state elections | Mark Ballard/The Advocate

Monday’s ransomware attack, which crippled about 10% of the state’s computer network servers just hours after votes were tallied in statewide elections for governor, legislative seats and other positions prompted many to look for intrigue, a legislative panel heard Friday. “A lot of the conspiracy theorists are calling me,” said state Sen. Bodi White, R-Central. He questioned whether the attack, which kept many in state government from using their computers throughout much of the week, could cause problems for certification of election results or changed numbers in election returns. Secretary of State Kyle Ardoin said no. “Nothing impacted our system,” Ardoin said in an interview Friday. The website was down for a while. But, for the most part, the election office’s databases for voters and votes are separate from the state system.

Full Article: No data lost, no ransom paid in Louisiana cyber attack; Ardoin says no impact on state elections | Legislature | theadvocate.com.

Louisiana: Louisiana was hit by Ryuk, triggering another cyber-emergency | Sean Gallagher/Ars Technica

In October, the Federal Bureau of Investigation issued a warning of increased targeting by ransomware operators of “big game”—targets with deep pockets and critical data that were more likely to pay ransoms to restore their systems. The past week has shown that warning was for good reason. On November 18, a ransomware attack caused Louisiana’s Office of Technology Services to shut down parts of its network, including the systems of several major state agencies. These included the governor’s office, the Department of Health (including Medicare systems), the Department of Children and Family Services, the Department of Motor Vehicles, and the Department of Transportation. Louisiana Governor John Bel Edwards activated the state’s cybersecurity response team. While some services have been brought back online—in some cases, within hours—others are still in the process of being restored. Most of the interrupted services were caused by “our aggressive actions to combat the attack,” according to Louisiana Commissioner of Administration Jay Dardenne. “We are confident we did not have any lost data, and we appreciate the public’s patience as we continue to bring services online over the next few days.”

Full Article: Louisiana was hit by Ryuk, triggering another cyber-emergency | Ars Technica.

Louisiana: Government computers knocked out after ransomware attack | Christopher Bing & Raphael Satter/Reuters

Louisiana state government computers were knocked out following a ransomware attack, the governor said on Monday, as results from the close gubernatorial election in the southern state await certification. Many state agencies had their servers taken down in response to the attack, Governor John Bel Edwards said in a series of messages posted to Twitter. He said the agencies were coming back online but that full restoration could take “several days.” “There is no anticipated data loss and the state did not pay a ransom,” he said. Ransomware works by scrambling data held on vulnerable computers and demanding a payment to unlock it. Louisiana Secretary of State spokesman Tyler Brey said that while his office’s website was briefly offline, the tallying of Saturday’s vote, in which Bel Edwards narrowly won re-election, was unaffected. The vote drew national attention following U.S. President Donald Trump’s well-publicized endorsement of Bel Edwards’ Republican challenger, Eddie Rispone.

Full Article: Louisiana government computers knocked out after ransomware attack - Reuters.

National: States brace for ransomware assaults on voter registries | Laura Hautala/CNET

Extortionists have recently shut down municipal computer systems in Texas, Maryland, Florida and New York, threatening to erase databases unless the cities pay a ransom. Now officials around the country are concerned the tool the hackers used, known as ransomware, could be tapped to target state voter registration rolls and disrupt confidence as the nation heads into the 2020 election. Illinois, for example, is making its voter registration database accessible only from a closed fiber optic network, rather than the open internet, according to Matt Deitrich, a spokesman for the State Board of Elections. The Prairie State is making progress, though it still has a way to go, he says. Less than a third of its 108 jurisdictions currently connect to the database via the dedicated network. The security effort is worth it, Deitrich says. If a hacker successfully hits even one county’s election agency with ransomware, that can create the impression the whole system is compromised. “It’s a phenomenon that can undermine voter confidence,” Deitrich said. Ransomware would be a new feature of election hacking, which came to public attention after intelligence officials said Russian hackers probed voter registries during the 2016 presidential campaign. A ransomware attack in 2020 could prove devastating, preventing voters from registering or poll workers from confirming voter eligibility, officials say. The hackers’ goal wouldn’t be changing the votes that were cast, but spreading doubt that eligible voters were able to make their voices heard.

Full Article: States brace for ransomware assaults on voter registries - CNET.

National: Ransomware threat raises National Guard’s role in state cybersecurity | Benjamin Freed/StateScoop

National Guard units already play a large role in state governments’ cybersecurity activities, such as protecting election systems, but the threat of ransomware to cripple a state or city organization is a growing concern for uniformed personnel, the top military official overseeing the National Guard across the United States said. While Americans are long used to seeing guardsmen and women roll into disaster-stricken areas after a hurricane or wildfire, deployments following cyberattacks are increasingly common, Air Force Gen. Joseph Lengyel said Friday on a conference call with reporters, likening the recent ransomware incidents in Texas and Louisiana to a “cyber storm,” though not quite a “cyber hurricane.” “We’re seeing the whole of the first responder networks come to assist and mitigate the damage and get everything back up and running, and the National Guard is part of that response,” he said.

Full Article: Ransomware threat raises National Guard's role in state cybersecurity.

National: U.S. officials fear ransomware attack against 2020 election | Christopher Bing/Reuters

The U.S. government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election. These systems, which are widely used to validate the eligibility of voters before they cast ballots, were compromised in 2016 by Russian hackers seeking to collect information. Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, according to current and former U.S. officials. “We assess these systems as high risk,” said a senior U.S. official, because they are one of the few pieces of election technology regularly connected to the Internet. The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, fears the databases could be targeted by ransomware, a type of virus that has crippled city computer networks across the United States, including recently in Texas, Baltimore and Atlanta. “Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, CISA’s director. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”

Full Article: Exclusive: U.S. officials fear ransomware attack against 2020 election - Reuters.

Texas: Ransomware Attack Hits 22 Texas Towns, Authorities Say | Manny Fernandez, Mihir Zaveri and Emily S. Rueb/The New York Times

Computer systems in 22 small Texas towns have been hacked, seized and held for ransom in a widespread, coordinated cyberattack that has sent state emergency-management officials scrambling and prompted a federal investigation, the authorities said. The Texas Department of Information Resources said Monday that it was racing to bring systems back online after the “ransomware attack,” in which hackers remotely block access to important data until a ransom is paid. Such attacks are a growing problem for city, county and state governments, court systems and school districts nationwide. By Tuesday afternoon, Texas officials had lowered the number of towns affected to 22 from 23 and said several government agencies whose systems were attacked were back to “operations as usual.” The ransomware virus appeared to affect certain agencies in the 22 towns, not entire government computer systems. Officials said that there were common threads among the 22 entities and that the attacks appeared not to be random, but they declined to elaborate, citing a federal investigation. It was unclear who was responsible. The state described the attacker only as “one single threat actor.”

Full Article: Ransomware Attack Hits 22 Texas Towns, Authorities Say - The New York Times.