New Orleans Struck by Cyberattack, City Declares State Of Emergency

On Friday, December 13, New Orleans Mayor LaToya Cantrell declared a state of emergency for the city after a cyberattack was detected around 11 a.m. 

The incident began at around 5 a.m., when NOLA Ready – New Orleans’ emergency preparedness campaign – confirmed “suspicious activity…on the City’s network” and, by around 11 a.m., a “cybersecurity incident.” Once the threat was established, New Orleans’ IT department ordered all employee devices to be shut down and disconnected from Wi-Fi. Servers were also ordered to be powered down following the attack. Emergency response lines remained open to take calls, however.

The City of New Orleans declared a state of emergency shortly after the cyberattack was detected. A press conference was held on the Friday of the incident, in which Mayor LaToya Cantrell confirmed that a cyberattack was responsible for the unusual network activity. Officials stated that no data was lost after the attack and that there is still no indication that passwords were compromised. Chief Information Officer Kim LaGrue confirmed that phishing emails asking for login information had been sent to employees while the attack was underway. There was also evidence of ransomware – specifically the Ryuk strain – as the cause of the cyberattack.

Mayor Cantrell did later affirm that ransomware was behind the attack, but, according to the press conference held Monday, the 16th, investigations are still ongoing to verify whether Ryuk was indeed involved.

It’s always important to take precautionary steps in making sure you’re prepared for an impending cyberattack. Some cybersecurity steps you can take include:

- Backing up all your data

- Being mindful of what email links and attachments you click on

- Patching software vulnerabilities

- Using strong passwords and activating two-factor authentication for your accounts

Ransomware Attack Hits UK Police Federation

As announced yesterday, the Surrey headquarters of the U.K.’s Police Federation of England and Wales (PFEW) was hit by a cyberattack: ransomware encrypted computer email systems and databases and deleted backup data.

The attack occurred on March 9 and affected only this headquarters. The Federation, which consists of approximately 119,000 police officers, said in a statement that its 43 branches spread throughout the U.K. and Wales were not affected.

In a tweet yesterday morning, the Police Federation explained that “[t]here is no evidence at this stage that any data was extracted from our systems but this cannot be discounted.”

Officers of the National Cyber Crime Unit have begun their investigation and are in contact with PFEW to determine the nature of the attack and the extent of the damage. According to the PFEW, the attack was likely carried out as part of a much larger campaign set to cause further havoc.

The incident was reported to the data protection regulator in the U.K. within three days, in line with European ordinance, although the PFEW announced the attack 12 days after it first occurred.

Norwegian Aluminum Producer Norsk Hydro Hit by Cyber Attack

Norsk Hydro, one of the largest Norwegian aluminum providers, partly shut down its operations due to a large-scale ransomware attack. The company has been trying to neutralize the attack this week, as it was unaware of how significant the damage to its operations was. The main cause of the attack has now been identified as LockerGoga ransomware, and the company is currently working with external partners to restore full systems operations.

When the attack hit, Norsk Hydro said it had switched to manual operations. Its shares went down about two percent while aluminum prices went up 1.5%. There have been a lot of breaches that caused both data loss and other infrastructural issues. In the past, cybercriminals have managed to hack into companies such as Anthem, Yahoo!, and Marriott International, just to name a few.

Norsk Hydro told Business Insider, “We are working to [further] contain the situation and reduce impact, aiming to resume normal operation.”

On Thursday, March 21, Hydro’s specialists found the source of the problem and have been working to get the company’s systems back to their pre-infected state. No safety issues have been announced since the ransomware attack first struck on Tuesday, March 19. Manual operations are still being used, but the company has announced that “most operations are [now] running.” It is still unclear how long full restoration to normal IT operations will take.

UPDATE 3/27/19: Norsk Hydro reported financial losses of up to $40 million based on the ransomware’s impact from last week. While the company is now running almost all its operations normally, the Extruded Solutions business division is still in recovery mode. The Building Systems unit is still “at a standstill,” according to a press release. Delays are expected, but Norsk Hydro announced that this unit will “gradually ramp up production and shipments during the week.”

Surviving a Ransomware Attack

The rate of ransomware attacks may have gone down, but does that mean there were fewer attacks? The rates have shown a slight decrease from the previous year, with 1,783 attacks in 2017 compared to a whopping 2,673 reported in 2016. Yet, while such numbers may indicate this catastrophic cybercrime is on the decline, the reality is that most attacks go under-reported, leaving many to wonder how frequently the attacks occur and how the cost will affect businesses.

According to reporting by Ms. Smith of CSO, Verizon analytics have found that ransomware incidents have actually doubled. Researchers have found that attackers usually demand a cryptocurrency payment to release an affected user’s files, but there is no assurance that they will do so after payment is received. Through such ransomware attacks, cybercriminals are always thinking of ways to maximize their profit.

As Payton, a former White House CIO who is now president and CEO of Fortalice Solutions, explains, “We used to hear very often that it was mostly consumers – but [for those attacks] you’re looking at $75 as a cyber-criminal.” Attackers now set out to target any business that relies on the internet, raising corporate concern about impending cyberattacks.

In 2017, the WannaCry, NotPetya, and BadRabbit strains didn’t simply disrupt business processes; rather, the attacks greatly impacted the operations of global brands like FedEx. This took the ransomware threat vector to a “totally new level,” using worms to spread through systems and affecting 300,000-400,000 devices around the world, says Steven Wilson, head of Europol’s EC3 cybercrime centre. The cyber-threat continues with cheap off-the-shelf kits sold online, which give an attacker the ransomware tools necessary to carry out another business-damaging strike.

“Just think: your entire customer records database is gone,” says Wilson. “You don’t know who owes you money, who you owe money to, or who you’re going to sell your product to. That’s the reality if ransomware strikes you. Everything is gone.”

Raising Awareness

While ransomware such as WannaCry is still very much prevalent, attacks like these have helped raise awareness of possible future strikes. Ongoing trends suggest that ransomware is here to stay. Fortunately, there are cyber-hygiene steps you can acquaint yourself with to prevent attacks from happening in the future.

Having up-to-date computer operating systems is the first step to preparedness, as the latest versions of anti-malware software can assist in the case of an attack. In case of a major ransomware strike, it is always best to keep and regularly update backup storage of all files for recovery.

As Payton explains, “Organizations should also consider network segmentation and introduce kill switches to prevent malware from moving laterally, as WannaCry did.” “[It’s always best to] practice for the worst and hope for the best – making sure you’re thinking ahead, practicing that digital disaster, practicing your comms plan,” Payton says, further suggesting that organizations also perform test runs on full restores.

How can the technology community help?

When public and private bodies work together and familiarize themselves with program vulnerabilities, ransomware disasters can surely be prevented. NoMoreRansom, for instance, serves as a key resource for decryptors of dangerous ransomware; it pools resources across organizations and can help the technology community stay one step ahead of the next crippling attack.

For more on ransomware preparedness strategies, please click here to learn more about preventing ransomware.

New Ransomware Strain Demands Nudes, Not Bitcoin

Normally, when you see the popular kids’ cartoon character, Thomas the Train, you don’t think anything of it. But if you see Thomas the Train show up on your computer, it might not be such a pleasant sight. As if extorting money and encrypting files weren’t bad enough, cybercriminals have taken it to the next level: demanding naked photographs instead of Bitcoin. The new ransomware, called nRansomware, was first spotted by researchers at MalwareHunterTeam on Thursday.

The message says that the computer has been locked and demands that the victim send “at least 10 nude pictures of you,” claiming that the attackers will verify whether the pictures indeed belong to the victim. They also mention that those nude photographs will be sold on the Dark Web.

MalwareHunterTeam warns that it may simply be a prank since it doesn’t actually encrypt files; it’s simply a screenlocker. There is no information on anyone being infected as of yet.

If this is a real strain of ransomware, it’s a very sick, twisted type of attack. While it’s not entirely unexpected, given that hacking and malware are already used to access webcams, it has definitely reached a new low.

3 Ways to Avoid Being Affected During the Next WannaCry Attack

It wasn’t too long ago that businesses spent over $1 billion on ransomware (that was in 2016). With two global ransomware attacks in the past month, it’s clear that the ransomware train is not stopping anytime soon.

With over 230,000 computers and 150 countries affected, the WannaCry attack definitely made many “wanna cry.” We’re only 7 months into the year and we’ve already been hit with two global attacks; what’s to say there won’t be another one?

Ransomware is a type of malware that encrypts your files and demands a ransom to unlock them. In the early days, ransomware would only infect a single computer at a time. Now, the infection spreads throughout entire networks at the same time. With the rise of ransomware attacks, it’s more important now than ever to stay connected.

These steps will get you ready for the next attack and keep the hackers at bay.

  1. Backup Your Data

Backing up your data could be the golden key in the fight against ransomware.

Why are backups so important?

The main purpose of a backup is to create a copy of your data in case of an emergency (e.g. ransomware attack, flood, earthquake, technology failure, etc.). Most backups used to be stored on physical appliances, which still run the risk of being either infected or damaged in a disaster. Since attackers have gotten wiser, servers and machines are now regularly being infected alongside computers, which is why it’s so important to back up to a ransomware-resistant virtual appliance.

Being able to back up your data and restore it immediately is a crucial step when fighting against ransomware. To be able to restore your data and get back to business without paying the ransom is invaluable!

As an IT company, we have helped many of our clients recover from ransomware, which is why we only partner with trusted backup storage and solution companies. If you are looking to upgrade your backup solution, our most trusted partner is reevert Storage and Backup Solution. Visit their website for a free 30-day trial.

  2. Avoid easy passwords

Having to remember a million different passwords can be a hassle, it’s true. But instead of looking at it like that, just think about what a real hassle it would be to be hacked. By changing your password every few months, you’re being proactive in preventing hackers from stealing your data.

To learn the do’s and don’ts of passwords, check out our infographic here.

  3. Keep your Windows up to date

While you can do your absolute best to avoid clicking on the wrong emails or going on unsafe sites, it can all be compromised if you don’t update your Windows system. What made Petya malware and WannaCry so successful was that they exploited vulnerabilities in unpatched systems, which allowed them to get onto the system. By updating your system as soon as the patches are released, you’re being proactive in protecting yourself against ransomware.

If you have Windows 10, updates will automatically be installed. If you’re running on any system before that, be sure to run these updates immediately.

Email security is also an important factor in fighting against ransomware. To learn about email security, read our blog.

Don’t let the perpetrators win. Follow these tips to avoid being a victim during the next WannaCry attack.

What is a Phishing Scam and How to Avoid Being A Victim

What is a phishing scam?

Phishing scams are carried out through emails, websites and phone calls with one main purpose in mind: to steal your money. Many times, your sensitive information is stolen via malicious software on your computer or through a process called ‘social engineering’. Social engineering is when you hand over your personal information under false pretenses. Being aware of cybercriminals’ tricks is an important factor in cybersecurity.

How to Avoid An Email Phishing Scam:

1. Is the “from” email address a random email address? If you don’t recognize the sender and it’s unrelated to the content of the message, delete it immediately.

2. Is it being addressed to a generic name (i.e. Dear Customer, user, you, etc.)? You might even find that you were simply bcc’d on the email. Most of these are spray-and-pray types of situations.

3. Look for poor grammar and spelling mistakes in the email content. Most major companies have a staff of copywriters or editors that would not allow mass emails to go out with spelling / grammar mistakes (although, the criminals are getting much better).

4. Be aware of anything that implies a threat or immediate action to be taken. If they’re threatening to close your account if you don’t respond or login, it’s most likely a scam.

5. Always hover over links and check the address before clicking them. Oftentimes, links are disguised and direct to a malicious website. Always type the URL directly into the address bar.

For example, you may be getting a phishing email disguised as your bank. These usually take you to a fake website where you enter in your sensitive credentials.

6. Unless you’re expecting an attachment or link from someone you recognize, never click or open them. Cybercriminals can steal private information by installing malicious software on your computer. A common tactic is using Word or Excel Document Macros (automation scripts) to execute or download malicious software on your computer or network.
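
As an added example (not part of the original post), the Python script below automates checklist items 2, 4, 5 and 6 over a parsed message, using only the standard library. The wording patterns, flag names and the sample message built from reserved example domains are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC = re.compile(r"\bdear\s+(customer|user|client|member)\b", re.I)  # assumed wording
URGENT = re.compile(r"\b(immediately|urgent|will be (closed|suspended))\b", re.I)  # assumed
MACRO_EXT = (".docm", ".dotm", ".xlsm", ".xlsb", ".pptm")  # macro-enabled Office files

class LinkCollector(HTMLParser):
    """Collect body text and a (href, visible label) pair for every <a>."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def host(value):  # lower-cased hostname of a URL or bare host string ('' if none)
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def triage(msg):  # sorted checklist flags raised by an EmailMessage
    flags, parser = set(), LinkCollector()
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(MACRO_EXT):
            flags.add("macro-attachment")  # item 6
        elif part.get_content_type() in ("text/html", "text/plain"):
            parser.feed(part.get_content())
    parser.close()  # flush any text the parser is still buffering
    body = " ".join(parser.text)
    if GENERIC.search(body):
        flags.add("generic-greeting")  # item 2
    if URGENT.search(body):
        flags.add("urgency")  # item 4
    for href, label in parser.links:
        if "." in label and " " not in label and host(label) != host(href):
            flags.add("disguised-link")  # item 5: label shows one host, href another
    return sorted(flags)

def sample():  # constructed message; every domain is a reserved example name
    msg = EmailMessage()
    msg["From"], msg["To"] = "Support <notice@example.net>", "staff@example.com"
    msg.set_content('<p>Dear Customer, log in immediately or your account will be closed: '
        '<a href="http://login.example.org/">www.bank.example.com</a></p>', subtype="html")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="Invoice.DOCM")
    return msg
```

Calling triage(sample()) returns all four flags. The link check compares exact hostnames, so a label that differs from its target only by a "www." prefix is also flagged and needs a human look.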

To learn more about how to protect yourself and educate your employees, check out Inverselogic’s free guides to cybersecurity. If you are interested in personalizing these guides for your business, let us know and we’d be happy to work something out with you.

NHS, FedEx and Other Major Companies Hit in Global Cyberattack

More than 45,000 attacks were carried out across more than 74 countries during a global cyberattack today. Among those affected were 16 National Health Service (NHS) hospitals in England, along with FedEx and Spain’s largest telecom.

The attack appears to have been carried out by hackers using a stolen tool created by the United States National Security Agency (NSA): WannaCry Ransomware.

With this strain of ransomware, $300 (£233) is being demanded in exchange for the decryption key for each locked system. Hospitals were forced to shut down their emergency rooms and send patients to other locations. Patient records, schedules, phones and email were all compromised during the attack, putting a number of patients at grave risk.

As of now, it is not being seen as a matter of national security brought on by a foreign power. It is still being treated as a very serious matter.

For more information, please visit reevert.com to read the full article.

Cybersecurity Experts Give 5 Tips to Avoid Ransomware

Malware – a mashup of the words ‘malicious’ and ‘software’ – is what cybersecurity experts use to describe any malicious program on a computer or mobile device. Ransomware, a type of malware, is a version that encrypts files and asks for a ransom (typically through bitcoin), in order to decrypt said files. Though there are various types of malware that exist, many versions install without user consent. The effects of malware range from crippling your computer to stealing sensitive data.

Recently, there has been an increase in attacks on hospitals in exchange for hefty funds. In February, Hollywood Presbyterian Medical Center paid a $17,000 ransom (40 bitcoin) after a hacker seized their patients’ medical records and important files. Unfortunately, this is a trend that is happening all too often. We’ve put together an infographic to help you fight against ransomware and protect your important files. If you do not have a proper backup plan set up, Inverselogic’s cybersecurity experts can put a plan of action together for you and your business.

$30 Million Paid as Ransom to Cryptolocker Creators

In the last 90 days, 200,000 to 250,000 PCs have been infected with Cryptolocker ransomware. The ransomware infects a system when users click a link, sometimes claiming to track a package. Instead, malware encrypts all files on the PC, making them inaccessible unless a fee is paid.

The average ransom paid among US and UK users is $300. Previously, if the ransom was not paid within a certain time period, the files were permanently locked, but creators of the malware have recently added a late payment option, at a high cost of $300,000.

According to the Dell Secured Counter Threat Team, those behind Cryptolocker have made over $30 million in the last three months. The malware is said to have originated in Russia or Eastern Europe, where “bullet-proof” hosting services are indifferent to criminal activity on their networks.