The Ritz Herald
PHOTO CREDIT: Administrative Office of the Courts, 244 Washington St SW, Atlanta, GA

Georgia Court System Computer Files Held For Ransom


Published on July 03, 2019

Another U.S. agency fell victim to ransomware and hackers’ demands this week. Hackers used ransomware to infect computers at the Georgia Administrative Office of Courts and demanded a ransom payment. Ransomware blocks users from accessing computer systems or files until a ransom is paid. Officials shut down all court websites as a result.

The ransomware was discovered on Saturday, June 29th. As of this writing (July 3rd), the Administrative Office of the Courts is still offline. The agency maintains court documents, provides computer applications to local courts and publishes guidance on court operations.

Michelle Barclay, a division director for the Administrative Office of the Courts, said that personal information wasn’t compromised because they don’t keep it. She also said that the attack is suspected to have come from a foreign country.

County and state courts are operational but unable to access information provided by the Administrative Office of the Courts. It’s unknown how long it will take to recover from this attack.

Chris Chao, President of Centerpoint I.T. in Atlanta, provides his thoughts:

“After two decades in managed I.T. support, I continue to be amazed at how casually the vast majority of executive leadership approaches I.T. security. There’s a pervasive sentiment that ‘I would never be a target of a cyber-attack.’ Yet many of the same businesses wouldn’t go a day without locking their building door at night or covering their business assets with insurance.”

Other Georgia Government Systems Have Been Hacked

This follows other ransomware attacks on Georgia government networks within the past two years, including the Georgia Department of Agriculture and the City of Atlanta.

Hackers demanded about $48,000 from the Georgia Department of Agriculture, but the state refused to pay. Instead, because they had reliable and recoverable backup files, technicians were able to erase and reload the 60 computers that had been infected by malware. The total cost for remediation work, investigations and consultants came to $253,000.

Hackers demanded $51,000 from the City of Atlanta last year. City officials wouldn’t report whether they paid the ransom. However, they authorized spending $2.7 million to restore their computer system.

Hackers Are Targeting Georgia Governments

Marius Nel, Principal of 360 Smart Networks in Roswell, Georgia, tells us more:

“From what we’ve seen over the last 12 months, it looks increasingly likely that the Georgia State, county and city systems are being specifically targeted. The core issue here is that quite a few counties, state entities and cities have been forced to pay the ransomware (in some instances up to $450,000) due to insufficient cybersecurity systems and/or badly configured and managed backup systems. The net result is that there now exists a very lucrative market for extortion in Georgia, which will remain viable for as long as the entities are paying the ransom.

It’s extremely disconcerting as taxpayer funds are being used to pay the ransom due to inadequately protected I.T. systems. The idea that tax dollars are being used to finance organized crime in countries outside the U.S. doesn’t sit well with us.”

Governments Are Paying The Ransom

This malware attack is one more incident this year in which a public agency was held hostage by ransomware. In June, the Riviera Beach City Council in Florida paid a ransom of $600,000 to hackers when their computer system and email were disabled. This prevented 911 dispatchers from entering calls into a computer. That same week, Lake City, Florida, agreed to pay hackers $460,000 due to a ransomware attack that took down their email system.

The Best Defense

Marius from 360 Smart Networks tells us more:

“At 360 Smart Networks, we believe that any cybersecurity strategy or system should be built taking into account that it will eventually fail. It’s therefore paramount that your system is bookended by an onsite and offsite backup system air-gapped in such a way that attackers cannot compromise your backup system. In the likely event that something eventually slips through your cybersecurity net, you’re going to need your backups. Make sure they are there and ready to be used.

Over the last few years, we have implemented a variety of absolute best-of-breed, enterprise systems and technologies to keep our clients safe. Even with the resources and systems at our disposal, we still assume that eventually, we are going to be hit with ransomware, which is why all of our clients get an enterprise onsite/offsite backup system that’s checked daily to ensure functionality. Paying a ransom should be considered absolute failure.”

And Chris from Centerpoint IT adds these tips:

“With a 700% increase in ransomware attacks last year and over half of all businesses indicating a cyber breach, it’s essential that business executives take steps to secure their data and I.T. environment.

The first step is a thorough review of I.T. security policy, processes and systems with the help of an independent expert that will help shine a light on areas of vulnerability and can give you an I.T. security roadmap.

Then take action and engage internal and external resources to deploy the systems and tools that will keep you safe. Important: Backup and disaster recovery is your last line of defense in limiting the damage of a successful cyber-attack. The latest versions of ransomware look for backups and encrypt these to hold your information hostage when backup systems aren’t properly hidden on your network.

Lastly, train everyone in your organization on security practices and how to recognize threats. This is the most often overlooked area and is easy to automate and test.”
