Cities are being targeted at greater levels. Atlanta, Albany
in New York, Baltimore, and Flint are merely a few of the recent examples. These
successful attacks are not inexpensive, as the costs for the consultants, forensic
cybersecurity subject matter experts, hardware, and other costs add up. While a
portion or majority of the costs may be recouped by the insurance company, the
direct labor to re-enter data or apply the prior back-ups affect also the operations
for a varied amount of time.
Target
For this round, Augusta, Maine was targeted and successfully
attacked. Specifically, the Augusta City center was targeted and pwned.
Attack
In this case, the attacker’s tool was ransomware. This has
been such a successful tool to use for these attacks. All it takes is one
employee. For Augusta, it appears an employee clicked on a file or link they
really should not have. The attackers demanded over $100k for the decrypt key.
If they did not receive the funds, the threat was the entire computer system
would be shut down. One defensive measure against ransomware is the simple, yet
pertinent, back-up. The city stored its data on a mass storage device.
Thankfully this was not compromised as part of the attack.
Mitigations
As the attack’s symptoms were felt by the city, to mitigate
the issue the IT department began pulling cables from the computer equipment.
This is somewhat basic, however, this was sufficiently effective. The immediate
effect was to close the offices for two days. The IT department also froze the
systems responsible for the municipal financial systems (i.e. payroll, accounts
payable, and accounts receivable), billing, automobile services, assessor
records, and general assistance. The plan was solid, as the IT department did
not want this to spread further through the system.
Payment and Beyond
The city did not pay and had no intention of paying the
ransom. In general, this is the preferential plan. For this option to work,
however, there have to be viable back-ups, and these had to have been tested. The
total costs for this were significant. Most of these costs were for the staff
of five persons in the IT department for overtime. They had to put in 80-100
hours over eight days. The staff also was tasked with entering data which was
lost due to the outage. The system may have been down for 1-1.5 weeks. The city
also investigated the issue in order to attempt to find the attackers. This
endeavor was not successful.
What We Can Learn
The attack vector was a seemingly inconspicuous email with a
happy, little attachment or link. The click-happy staff member’s action took
down the city’s systems. There is always an opportunity for cybersecurity
training and updates on different attacks, which may be directed at the staff.
Resources
AP Maine. (2019, April 29). Hacker wanted more than $100k to
restore city computers. Retrieved from https://www.fosters.com/article/20190429/AP01/304299990
AP News. (2019, April 29). Hacker wanted more than $100k to
restore city computers. Retrieved from https://www.caledonianrecord.com/news/region/hacker-wanted-more-than-k-to-restore-city-computers/article_
Edwards, K. (2019, April 28). Augusta cyberattacker sought
over $100,000 in ransom. Retrieved from https://www.pressherald.com/
The Associated Press. (2019, April 29). Hacker wanted more
than $100k to restore main city’s computers. Retrieved from https://bangordailynews.com/2019/04/29/news/augusta/hacker-wanted-more-than-100k-to-restore-maine-citys-computers/
and https://www.usnews.com/news/best-states/maine/articles/2019-04-29/hacker-wanted-more-than-100k-to-restore-city-computers
No comments:
Post a Comment