Ransomware Aftershock: The Road To Recovery After A Cyber Data Hijack

Preparing Your Organization To Cope In A Similar Cyber-Attack Situation

Jeff Orr
09/18/2019

Disclosures of ransomware attacks are growing as U.S. municipalities and city services – all rich in data – find themselves the target of cyber hijacking. Beyond payment (or not) of the ransom, little has been shared about the cost for an organization to recover from this form of attack. Recent news from three entities is helping shed light on the recovery costs and ongoing lessons from ransomware attacks.

City of Baltimore Discloses Data Loss From Ransomware Attack

Hackers successfully infiltrated systems operated by the City of Baltimore this past May. The attackers encrypted data files and demanded a ransom in exchange for the decryption keys. Mayor Bernard C. “Jack” Young refused to pay and IT leaders were instructed to rebuild the municipality’s computer systems. City of Baltimore officials placed a price tag of $18 mn on the estimated cost of the ransomware attack.

In August, city leaders voted to divert $6 mn of parks and recreation funding to IT “cyber-attack remediation and hardening of the environment,” according to the city’s spending panel known as the Board of Estimates.

Now, Baltimore’s auditor has told city officials that IT performance data was lost during the attacks, according to reports in the Baltimore Sun. Without backups of the locally stored data, the auditor is unable to verify some claims made by the IT department. This is the first notification made by the City of Baltimore that data loss occurred from the attack.

Western Connecticut School District Hit With Second Ransomware Attack

It is unfortunate when a ransomware attack occurs. And it is nearly unfathomable that a second attack would even be a consideration. However, Wolcott Public Schools in Connecticut finds its school district in this predicament.

In June of this year, the school district was hit with a ransomware attack. The cyber hijackers requested $12,000 to release the encryption keys, though the school board has not paid it. Reports in the Hartford Courant say that Wolcott Public Schools noticed suspicious activity in the district’s computer systems in early September. Since the district was still recovering services locked out from the June attack, officials voluntarily shut down the network out of caution.

Wolcott’s police chief says that different groups appear to be behind each attack. The school district has hired a cyber security organization to assess the situation and triage the network and computer systems.

City of Albany Shares Costs For Overtime, System Upgrades And Professional Services

In March, the city of Albany, New York had its computer systems shut down when a ransomware attack locked its data. Details have not been shared about the ransom amount requested to release the data.

WNYT, an Albany news channel, requested the city disclose details of expenditures associated with the ransomware attack. City officials responded with a cost of $161,000 related to employee overtime for re-entering lost data, hardware and software system upgrades, credit monitoring services for city employees and professional cyber security services. The amounts differ from the $300,000 that Mayor Kathy Sheehan shared during an event.

Sheehan said that a municipality such as Albany always has unexpected events. “Sometimes, it's a catastrophic storm, this past year it was an unexpected ransomware attack.” The city has invested to rebuild its former capabilities to deliver services to its citizens and invested to make sure this type of attack does not happen again.

Steps Your Organization Can Take Today To Prepare For a Ransomware Attack

Even without a full post-mortem review of actions and best practices available, organizations can still task the security team using the information that is known about ransomware attacks. “Take these examples of ransomware attacks as a template to run a desktop exercise … to identify and determine how well your organization could cope in a similar situation,” said Brian Honan, founder and head of IRISSCERT, Ireland’s first CERT.

These cities will not know the full scope of lost data until recovery efforts are complete. Lost data will include not only files that were not backed up, but also transactions that cannot be rolled forward or recreated. “Beyond reviewing your IT assets to ensure appropriate backups are in place regularly, also document and revalidate areas where the risk of data loss has been accepted,” said Lee Neely, a Senior Cyber Analyst at Lawrence Livermore National Laboratory.
