Predictive analytics can stop ransomware dead in its tracks

This past February marked the two-year anniversary of the ransomware attack on Livingston County, Michigan. The wealthiest county in the state had three years’ worth of tax information possibly at the mercy of cybercriminals.

County CIO Rich C. Malewicz said that, as a local government, the county has been a target of ransomware, but in this instance it had backups at the ready. He said the most memorable ransomware attack was the result of a watering hole campaign that used malvertising to infect users visiting a local news website.

“This attack was very clever in that all you had to do to get infected was visit the website, you didn't even have to click on the page. Once the user went to the local news website, they were immediately redirected to a site hosting exploit code and the infamous page appeared demanding a ransom with instructions,” he said.

The attackers embedded malicious code in the iframe that redirected the users to the exploit landing page. The ransomware spread to several PCs and servers before it was contained. 

“We were fortunate enough to have a working backup of the data and we recovered shortly after. If we didn't have a working backup this could have been a disaster,” Malewicz said.

Aside from the loss of personally identifiable information of the 188,000 citizens of the county, the government would have been looking at the labor cost to replicate the documents on top of the damage to its reputation. The county’s network is also shared with public safety entities as well as educational institutions.

“It's pretty clear that local government is a primary target of ransomware attacks, mainly because they have lagged so far behind the private sector in terms of cyber protection, many don’t have working backup solutions - if any at all, and they tend to pay the ransom,” he said.

Recent headlines show that public safety agencies and local governments will pay the ransom, so they are targeted even more - attackers migrate to the industries that tend to pay and to those with an inadequate cybersecurity posture. Case in point: the Tewksbury, Mass., police paid the ransom four or five days after they could not break the encryption, because they needed the attackers to send them the private key in order to access the data.

“Protecting an organization from ransomware or any type of malware is similar to an arms race, as the threat evolves so must your defenses!” Malewicz said.

The county turned to predictive analytics in hopes of halting the ransomware attacks. Livingston County uses a Unitrends backup solution to give Malewicz's team peace of mind in the event its cyber defense fails.

“Ransomware was largely unheard of years ago, but today it's a household name - everyone knows someone or some organization which has been infected. The future guarantees that more menacing ransomware variants will take center stage wreaking havoc in our homes and places of business. When ransomware exploits bypass perimeter cyber defenses you have only to rely on your predictive analytic cyber defenses to protect you, else I hope you have stable and secure backup to fall back on!” he said.

Predictive analytics is thought to move backup technology out of the staple category and more into a savior category. It elevates the technology's ability to detect changes in data that point to an outbreak of ransomware, and then allows the IT administrator to refer back to the last legitimate backup point.
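The idea in the paragraph above can be sketched in a few lines. This is an added example, not code from the article or from Unitrends; the two thresholds, the helper names and the sample backups are assumptions made for illustration. It flags the first backup in which most files changed and the changed files look like encrypted data, then reports the backup just before it as the restore point.

```python
import math
import random
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits/byte; encrypted data sits near 8.0 (assumed threshold)
CHANGE_LIMIT = 0.5   # fraction of files rewritten in one backup (assumed threshold)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def score_backup(prev: dict, curr: dict):
    """Return (change rate, mean entropy of changed files) for one backup."""
    changed = [name for name, body in curr.items() if prev.get(name) != body]
    rate = len(changed) / max(len(curr), 1)
    ent = sum(entropy(curr[n]) for n in changed) / len(changed) if changed else 0.0
    return rate, ent

def last_legitimate_backup(backups: list) -> int:
    """Index of the newest backup taken before the first suspicious one."""
    for i in range(1, len(backups)):
        rate, ent = score_backup(backups[i - 1], backups[i])
        if rate >= CHANGE_LIMIT and ent >= ENTROPY_LIMIT:
            return i - 1
    return len(backups) - 1

# Constructed sample data: four nightly backups of ten small text files.
def _doc(i, rev=0):
    return (f"parcel {i:04d} tax record rev {rev}\n" * 100).encode()

_rng = random.Random(0)

def _encrypted():
    # Stand-in for a file overwritten with ciphertext: uniformly random bytes.
    return bytes(_rng.getrandbits(8) for _ in range(4096))

day0 = {f"tax_{i}.txt": _doc(i) for i in range(10)}
day1 = {**day0, "tax_3.txt": _doc(3, rev=1)}   # one routine edit
day2 = {name: _encrypted() for name in day1}   # every file rewritten as noise
day3 = dict(day2)                              # later backup of the damaged data
BACKUPS = [day0, day1, day2, day3]

if __name__ == "__main__":
    print("restore from backup index", last_legitimate_backup(BACKUPS))
```

Requiring both signals together keeps a routine bulk edit (high change rate, low entropy) or a single newly compressed file (high entropy, low change rate) from being flagged.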

Predictive analytics is a necessity because the malware of tomorrow is unknown and will surely evolve to our detriment. When traditional cyber defense technology is rendered ineffective or human error is at play, predictive analytic cyber defense technology becomes the last line of defense for an organization.
