When ransomware attacks! What is it, and do we care?

Ransomware is a type of malware that infects computers and encrypts or locks files and systems. Attackers say they will restore access once a payment is made, but there is no guarantee that they will do so.

The City of Johannesburg, which owns a massive electricity company, said that most IT systems had now been restored after they were targeted. However, city officials acknowledged that there were still problems and said customers could log faults on an alternative website. “Customers should not panic as none of their details were compromised,” read a tweet posted by the city’s official Twitter account. “We apologise for the inconvenience caused to the people of the City of Joburg.”

In June 2017 WannaCry, also known as WannaCrypt (a ransomware infection), hit more than 230,000 computers in more than 150 countries; among those, the German Railway and the UK’s National Health Service were the hardest hit.

Do we have any examples of Malware? 

What did the Stuxnet worm do?

Stuxnet appears to have been a piece of malware made by either the Russian government or the CIA. Who knows? It reportedly destroyed numerous centrifuges in Iran’s Natanz uranium enrichment facility by tampering with their internal settings, or by making them speed up without showing any indication to the operators, causing them to burn themselves out.

This virus was ‘accidentally’ released into the wild, and other groups modified it to target facilities including water treatment plants, power plants, and gas lines.

Stuxnet was a multi-part worm that entered Microsoft Windows computers on USB sticks and spread through the attached network. The virus searched each compromised machine for signs of the Siemens Step 7 software, which industrial computers use to program and monitor the PLCs that control electromechanical equipment. Once a PLC-connected computer was identified, the malware updated its code over the internet and proceeded to send damage-inducing instructions to the electromechanical equipment run by the system. At the same time, the virus fed false feedback to the main controller, so that as the machinery began to destroy itself, someone observing it would have seen no hint that anything was wrong.

How to protect yourself against a malware attack!

Sound IT management practices remain useful for avoiding ransomware attacks. These include regular patching and upgrades, strong passwords, password protection, and identification and authentication tools. Two further measures that might have helped guard against Stuxnet are virus scanning (or an outright ban) of all USB sticks and other removable media, and endpoint detection tools that catch malware before it can spread across the network.
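The endpoint detection idea above can be illustrated with two simple signals that ransomware leaves behind: a planted canary file whose hash changes when something overwrites it, and documents whose contents suddenly become high-entropy (encrypted). The following is an added example written for this page, not code from the original post or from any product it names; the canary file name, the entropy threshold and the sample files are constructed for the demonstration.

```python
"""Canary-file and entropy based ransomware detector (added example).

Two defender-side signals are checked for a directory:
  1. a planted canary file that legitimate users never touch; any change
     to its SHA-256 means something wrote to it;
  2. regular files whose first 4 KiB show Shannon entropy near 8 bits/byte,
     which is what encrypted (or compressed) data looks like, while ordinary
     text sits around 4-5 bits/byte.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter

CANARY_NAME = ".canary.txt"   # assumed canary file name (constructed)
ENTROPY_THRESHOLD = 7.5       # assumed cut-off in bits per byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the given buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plant_canary(directory: str) -> str:
    """Write the canary file and return its baseline hash to keep elsewhere."""
    path = os.path.join(directory, CANARY_NAME)
    with open(path, "wb") as f:
        f.write(b"This file is monitored. Do not modify.\n" * 16)
    return sha256_file(path)


def scan(directory: str, baseline_hash: str,
         entropy_threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return (finding_kind, path) tuples; an empty list means nothing suspicious."""
    findings = []
    canary = os.path.join(directory, CANARY_NAME)
    if not os.path.exists(canary):
        findings.append(("canary_missing", canary))
    elif sha256_file(canary) != baseline_hash:
        findings.append(("canary_modified", canary))
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if name == CANARY_NAME or not os.path.isfile(path):
            continue
        with open(path, "rb") as f:
            head = f.read(4096)
        # very small files give unreliable entropy estimates, so skip them
        if len(head) >= 256 and shannon_entropy(head) > entropy_threshold:
            findings.append(("high_entropy", path))
    return findings


def demo() -> tuple:
    """Constructed scenario: a clean directory, then a simulated encryption pass."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_canary(d)
        doc = os.path.join(d, "report.txt")
        with open(doc, "wb") as f:
            f.write(b"Quarterly outage statistics for the substation.\n" * 40)
        before = scan(d, baseline)
        # Simulate an encrypting process overwriting every file with random bytes
        for p in (doc, os.path.join(d, CANARY_NAME)):
            with open(p, "wb") as f:
                f.write(os.urandom(2048))
        after = scan(d, baseline)
    return before, after


if __name__ == "__main__":
    clean, infected = demo()
    print("before:", clean)
    print("after:", infected)
```

In a real deployment the baseline hash would be stored off the monitored host and `scan` would run on a schedule or from a file-system watcher; either finding is a reason to isolate the endpoint from the network before the encryption spreads.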

Another example of an energy company taking a hit!

After a staff member opened an email with a malicious attachment, the Lansing Board of Water & Light (BWL), a Michigan public utility, was struck with ransomware. The ransomware spread, encrypting data on other machines on the internal network. BWL shut down its payroll system, the email service for 250 staff and its “command lines,” including the business customer-care line and the outage-monitoring line. Also affected were “printers and other technology.” The “virus” was described by BWL General Manager Dick Peffley as “brand spanking fresh,” which is why up-to-date antivirus software did not quarantine it. The utility found that this form of crypto-ransomware could be caught by just three antivirus solutions.

Trent Atkins, BWL Emergency Management Officer, said, “It was a really advanced virus that blew right through a lot of our defence networks.”
Peffley also said, “I’ve never seen something like it in my 40-year career on the board.” At first, BWL did not accept that it had been struck by ransomware, but later Peffley acknowledged that the “virus” was ransomware. Our timekeeping, mobile devices, laptops, printers, everything it takes to do the administrative job that the BWL does, is shut down right now. Since the Michigan State Police investigation unit and the FBI were both investigating, he declined to say what ransom had been demanded. BWL also told customers that “no sensitive data has been breached.”

The news comes only days after Beazley released its annual study on data-breach patterns, which found that ransomware is a significant cyber-security threat to many companies. The research showed a 131% rise in the number of ransomware attacks reported by Beazley’s clients between 2018 and 2019.

“As part of our procurement phase, standardised schematics or sketches can be exchanged with vendors to facilitate the procurement of products, but the diagrams in question do not provide any details that may place Ameren’s properties or consumer data at risk of external attacks,” the energy giant said in a statement.

Who else was affected by a malware attack this month?

More than 30 victims paid into the bitcoin account associated with the attack, according to a public ledger of transactions listed on blockchain.info.

According to this Recode article, U.S.-based drugmaker Merck was impacted by the massive NotPetya ransomware attacks in 2017, as was Heritage Valley Health Systems (a healthcare network in Pennsylvania).

“For the last two to three years, ransomware has been at the top of everyone’s list of threats companies are facing,” said Bob Parisi, U.S. cyber product leader for Marsh, a global insurance broker and risk adviser. 

“The hope is that if the worst does happen and a utility … gets ransomed, they have protections in place to recover without having to pay the bad guys.” This is the crux: normally, the recovery data is kept on the same network, meaning that the backup can be targeted first.

If a utility does fall victim to an attack, a speedy and affordable recovery usually depends on extensive backups of data and operating systems, according to those who help companies resume operations after ransomware. In practice, however, such backups are often not in place. An air-gapped backup is not really costly to maintain, but it is cumbersome, and most coders cannot be bothered to put this kind of functionality in place.
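To make the backup point concrete, here is an added example (not code from the post or from any utility it mentions) of a write-once, hash-verified snapshot store. The store directory stands in for an offline or air-gapped medium that the live network cannot overwrite; the snapshot label, file names and contents are constructed for the demonstration. It shows that a snapshot survives a ransomware-style overwrite of the live data, refuses to be overwritten in place, and is integrity-checked before anything is restored from it.

```python
"""Write-once snapshot store with SHA-256 manifest (added example).

Design points a defender cares about:
  * snapshots are never overwritten, so an attacker on the live network
    cannot "refresh" a backup with encrypted data;
  * every snapshot carries a manifest of file hashes, and restore() refuses
    a snapshot that fails verification, so a tampered backup is noticed
    before it is trusted.
"""
import hashlib
import json
import os
import shutil
import tempfile

MANIFEST = "MANIFEST.json"


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def take_snapshot(source_dir: str, store_dir: str, label: str) -> str:
    """Copy the files of source_dir into store_dir/<label>; refuse to overwrite."""
    dest = os.path.join(store_dir, label)
    if os.path.exists(dest):
        raise FileExistsError("snapshots are write-once; refusing to overwrite " + dest)
    os.makedirs(dest)
    manifest = {}
    for name in sorted(os.listdir(source_dir)):
        src = os.path.join(source_dir, name)
        if os.path.isfile(src):
            shutil.copy2(src, dest)
            with open(src, "rb") as f:
                manifest[name] = sha256_bytes(f.read())
    with open(os.path.join(dest, MANIFEST), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return dest


def verify_snapshot(snapshot_dir: str) -> bool:
    """True only if every file listed in the manifest is present and unchanged."""
    with open(os.path.join(snapshot_dir, MANIFEST)) as f:
        manifest = json.load(f)
    for name, digest in manifest.items():
        path = os.path.join(snapshot_dir, name)
        if not os.path.isfile(path):
            return False
        with open(path, "rb") as f:
            if sha256_bytes(f.read()) != digest:
                return False
    return True


def restore_snapshot(snapshot_dir: str, target_dir: str) -> int:
    """Copy a verified snapshot back over target_dir; returns the file count."""
    if not verify_snapshot(snapshot_dir):
        raise ValueError("snapshot failed integrity check; do not restore from it")
    restored = 0
    for name in os.listdir(snapshot_dir):
        if name == MANIFEST:
            continue
        shutil.copy2(os.path.join(snapshot_dir, name), target_dir)
        restored += 1
    return restored


def demo() -> dict:
    """Constructed scenario: snapshot, simulated encryption, restore, then tampering."""
    original = b"account,kwh\n1001,340\n1002,512\n"
    results = {}
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as store:
        billing = os.path.join(live, "billing.csv")
        with open(billing, "wb") as f:
            f.write(original)
        snap = take_snapshot(live, store, "snap-2024-01-01")   # hypothetical label
        results["snapshot_valid"] = verify_snapshot(snap)
        # Ransomware-style overwrite of the live copy with random bytes
        with open(billing, "wb") as f:
            f.write(os.urandom(64))
        # An attacker (or a careless job) trying to replace the backup is refused
        try:
            take_snapshot(live, store, "snap-2024-01-01")
            results["overwrite_refused"] = False
        except FileExistsError:
            results["overwrite_refused"] = True
        results["restored_files"] = restore_snapshot(snap, live)
        with open(billing, "rb") as f:
            results["content_recovered"] = f.read() == original
        # Finally, corrupt one byte inside the snapshot and confirm verify() notices
        with open(os.path.join(snap, "billing.csv"), "ab") as f:
            f.write(b"x")
        results["tamper_detected"] = not verify_snapshot(snap)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The write-once rule is enforced here by refusing an existing label; in production the same property comes from media that is physically disconnected, from object storage with an immutability or retention lock, or from a backup host whose credentials the production network does not hold.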

Power companies are being hit by honeypot multistage ransomware attacks

Hackers are increasingly using advanced multi-stage ransomware attacks to threaten the industrial control systems (ICS) operated by critical infrastructure providers.
Cybereason’s honeypot activity, in which hackers are lured into breaking into a fake ICS network so that their techniques can be studied, exposed more focused strategies and contributed to a broader, serious alert for the electrical sector and critical infrastructure.