All is well here at Woesnotgone Meadow, where everyone has
above average bandwidth.
In the Meadow, we have our municipal office, which manages
the Meadow’s business and works with our citizens. The Meadow has maintained
its presence under the radar and has been fortunate to not have been attacked.
Akron, OH, however, has not been this lucky.
The city’s computers were the target of the attack. Because
the attack succeeded, ransomware was deployed on the city’s systems. Curiously, this
was the 2nd time the city was successfully attacked. The first was
in 2013.
Effect
Once the successful attack was detected, the city knew there
was a significant issue. The attack shut down a majority of Akron’s 311 system.
This also affected other critical software and hardware systems. Fortunately
for the city, the attack wasn’t nearly as in-depth and devastating as it could
have been.
Demand!
The attackers demanded a six-figure sum for the decryption key.
Without the funds, the key would not be provided. This potentially
would have been devastating. Having the city’s data and information encrypted could
have crippled the workflow and recordkeeping and pushed operations back into
the 1950s with paper and pencil.
Response
The city did not respond to the attackers. The city had the
foresight to have daily back-ups done. Without this in place, the attackers
would have had significantly more leverage on the city. The city ended up
restoring the files from the day before, so the workers only had to enter one
day’s worth of work.
On the legal side, the city did contact the FBI and the Ohio
Highway Patrol. The Akron mayor also requested assistance from the governor in
the form of help from the Ohio National Guard’s 172nd Cyber
Security Protection Team.
Take-Away
The attack shows the importance of not only active
monitoring of the system but also back-ups. The back-ups were integral to
reducing the attackers’ leverage. They allowed the city to restore the data
from the day before, without spending the money to attempt to secure the
decryption key. Without them, the city would have had the opportunity to make a large
payment and hope the decryption key was provided. The back-ups were also done on a daily
rotation, which allowed not only for the restore but also for a minimal
amount of data having to be rekeyed or otherwise incorporated into the data.
With this case and many others, the rule to apply is to back up
and to check the back-ups to ensure they are not corrupted.
Thanks for visiting Woesnotgone Meadow, where the encryption
is strong, and the O/Ss are always using the latest version.