Ransomware Paralysis? Attacks Against Local Governments on the Rise While Prevention Efforts Lag

Criminals rely on credential reuse, a common risk that can be mitigated.

Ransomware attacks against local governments and utilities continue to pile up, yet a recent survey finds that fully half of local government offices have yet to upgrade their defenses. 

The IBM Harris poll study, released in late February 2020, found that while three-quarters of government employees surveyed are concerned about impending cyber attacks, fewer than one in four have received any prevention training. 

While the overall number of ransomware attacks has trended downward in recent years, infections of state, county and city governments have increased, with more than 100 local governments infected in 2019. That figure is almost surely low, as victims often do not publicly report attacks, for fear that publicity will make the situation worse. 

Here at SpyCloud, our researchers recently picked up what appears to be another troubling trend: hackers leaking some of the locked-up data into the public domain to increase pressure on their victims to pay up.

“We saw this with the recent attack on Pemex,” said Dustin Warren, a senior security researcher with SpyCloud. “If the ransom isn’t paid, they threatened to release data publicly — this could be customer data or proprietary data. Another group we’re tracking recently posted a screenshot of company names — we think customers of the initial victim. It’s just getting really dangerous.” 

Attackers may be threatening to release data because some victims are now refusing to pay, even though their recovery costs are almost sure to be many times higher than the ransom demand. Officials in Baltimore, which has so far spent more than $18 million on remediation, new hardware and lost or deferred revenue, say they didn’t pay for a number of reasons: federal investigators recommended against it, there was no guarantee the demand (reportedly $18,000 in cryptocurrency) would lead to the unlocking of the network, and there was no way to guarantee that, even if the attackers did unlock it, they wouldn’t re-attack.

While whether to pay may be the most pressing question for those that have been attacked, for those that haven’t yet, prevention and swift recovery should be the focus.

But how? According to a Bitdefender survey of more than 6,000 infosec professionals around the globe, the best way to defend against advanced cyber-attacks is through awareness, training and support.

While no amount of training is foolproof, there are some very basic actions entities can take to protect their systems, users and employees. 

Take credential reuse. The practice of using the same password, or only slightly altering it, for multiple accounts remains rampant. Across the nine billion exposed credentials SpyCloud recovered over the last year, almost a third of affected users had recycled at least one password across more than one account.

Read more: SpyCloud’s 2020 Annual Credential Exposure Report.

 

“The bad guys bank on credential reuse,” said SpyCloud’s Warren. “If they can find your users’ Active Directory credentials through a third-party breach, they can easily log into your network and direct their malware to spread through the entire organization.”

 

SpyCloud can help.

With SpyCloud Active Directory Guardian, you can automatically detect and reset compromised passwords that put your enterprise at risk. 

Installed in minutes, without touching the domain controller or risking account lockouts, Active Directory Guardian enables you to screen your AD accounts for any password that has ever appeared in SpyCloud’s database of billions of exposed passwords. It enables you to detect and stop employees when they unwittingly attempt to select passwords that criminals are actively using in credential stuffing and password spraying attacks.

Don’t let the frightening statistics around ransomware lead to paralysis. Active Directory Guardian gives you the ability to quickly discover compromised credentials and change exposed passwords automatically, and that can help stop criminals from attempting to re-attack your organization, your vendors, partners and clients.

Learn more: Protect Your Enterprise From Account Takeover with Active Directory Guardian.
