discussion V1

Ransomware is malicious software that encrypts files and requires a key to decrypt the files. To get the files decrypted, the company or organization must typically pay the hackers a large fee, often in Bitcoin or another cryptocurrency. It is important to note that cryptocurrency payments are one-way transactions that are impossible to trace. There is risk, too. If the hackers do not provide the organization with the decryption key after payment, there is no refund.

Hackers in recent years have targeted businesses such as hospitals for ransomware attacks, as well as cities and towns, large and small. Black hat hackers encrypted the city of Baltimore’s systems, as well as two smaller cities in Florida.

Read these brief articles from the UMGC library to learn about the ransomware incidents:

Chokshi, N. (2019, May 23). Attacked With Ransomware, Baltimore Isn’t Giving In. New York Times, p. B6(L).

Mazzei, P. (2019, June 28). Another City in Florida Pays a Ransom to Computer Hackers. New York Times, p. A17(L).

If the organization does not pay the ransom, it would need to either use backups to restore to an earlier network or system state, or to rebuild its systems and data. In the case of the Baltimore city government, its backup systems were also encrypted, so the city was unable to process real estate transactions.

Depending on the complexity of the environment and the amount of data encrypted, this could cost the organization more than the ransom, perhaps even 10 to 20 times the amount.

  • What would you do if you were the cybersecurity analyst that had to advise the city of Baltimore and/or the smaller cities?
  • Would you pay the ransom? Consider both sides of the argument by conducting internet research to understand the different viewpoints. When you are ready, explain why you would or would not pay the ransom.
  • If you agree to pay the ransom, what are you going to tell the CEO if the hackers don’t end up providing the decryption key to unlock the files or come back and ask for even more money?
  • If you don’t agree to pay the ransom, what are you going to tell the CEO, especially if the costs to restore far exceed the ransom?
  • Are there ethical considerations? If your organization pays, will other organizations be vulnerable to similar attacks on their systems?
  • Would you have a different decision if you were working for a small organization like Mercury USA?

    Attacked With Ransomware, Baltimore Isn’t Giving In Chokshi, Niraj . New York Times , Late Edition (East Coast); New York, N.Y. [New York, N.Y]. 23 May 2019:

    B.6.

    ProQuest document link

    FULL TEXT More than two weeks ago, hackers seized parts of the computer systems that run Baltimore’s government.

    It could take months of work to get the disrupted technology back online. That, or the city could give in to the

    hackers’ ransom demands.

    “Right now, I say no,” Mayor Bernard Young told local reporters on Monday. “But in order to move the city forward?

    I might think about it. But I have not made a decision yet.”

    Here’s a brief rundown of what happened.

    What was affected?

    On May 7, the city discovered that it was a victim of a ransomware attack, in which critical files are encrypted

    remotely until a ransom is paid.

    The city immediately notified the F.B.I. and took systems offline to keep the ransomware from spreading, but not

    before it took down voice mail, email, a parking fines database, and a system used to pay water bills, property

    taxes and vehicle citations.

    Real estate transactions were frozen, too, until the city put a fix in place this week.

    What was the threat?

    A copy of a digital ransom note, obtained by The Baltimore Sun, stated that the city could unlock the seized files

    for a price: three Bitcoins (nearly $24,000) per system or 13 Bitcoins (about $102,000) for them all.

    (The price of this decentralized, hard-to-track virtual currency fluctuates wildly. On the day of the attack, the

    ransom would have cost about $17,000 per system, or less than $75,000 for them all.)

    “We won’t talk more, all we know is MONEY!” the note said.

    Baltimore has released little else about the attack, citing a continuing F.B.I. investigation.

    Who is behind the attack?

    The authorities have not named any individuals or groups behind the attack, but they have identified the malicious

    software, or malware, behind it as “RobbinHood,” a relatively new ransomware variant, according to The Baltimore

    Sun.

    Such attacks are often carried out by Russian or Eastern European hackers, but that isn’t always the case. The

    ransomware attack that crippled Atlanta’s government for days last year has since been attributed to two men in

    Iran.

    Was Baltimore targeted?

    The city has not described how the attack was executed, but experts don’t believe that hackers sought the city out.

    “I think it was purely an opportunistic attack,” said Lawrence Abrams, the creator and owner of Bleeping Computer,

    a technology news site.

    The language used in the Baltimore ransom note was nearly identical to those used in other RobbinHood attacks,

    according to Mr. Abrams, who has spoken to various researchers about RobbinHood and seen a handful of

    systems infected by it.

     

     

    The creator or creators of RobbinHood most likely scanned a large number of online systems for vulnerabilities to

    exploit, such as gaps in protocols used to grant remote access to computers, he said.

    And Baltimore isn’t alone.

    Early on April 10, officials in Greenville, N.C., discovered that they, too, were the victims of a RobbinHood attack.

    The city declined to pay the ransom, and the attack remains under investigation by the F.B.I., Mayor P.J. Connelly

    said by email.

    How common are ransomware attacks?

    The first known ransomware attack was carried out three decades ago, according to Allan Liska, an analyst with

    Recorded Future, a cybersecurity firm.

    In that 1989 attack, disks claiming to offer information about AIDS were mailed to more than 10,000 people around

    the world. Each contained software designed to lock up a computer’s files with instructions to mail a check to

    Panama so the user could receive another program to undo the damage.

    But ransomware attacks have been carried out much more frequently in recent years thanks to the advent of

    difficult-to-track payment methods.

    “The reason for the modern rise in ransomware, and frankly the wild success, is directly attributable to Bitcoin and

    other cryptocurrencies,” Mr. Liska said.

    In a recent report on ransomware targeting state and local governments, Mr. Liska traced the current era back to

    2013, when the police department in Swansea, Mass., was infected by malware known as CryptoLocker.

    There have been at least 169 incidents of state and local governments falling prey to ransomware since that year,

    though Mr. Liska said that estimate was probably low because governments don’t always publicize such attacks.

    “That’s really only the tip of the iceberg,” he said. “There’s really probably a lot more that are never reported on.”

    About 70 percent of state and local governments refused to pay a ransom, while 17 percent did, he said. The

    outcome could not be determined in the remaining cases.

    Should Baltimore pay?

    The encryption used by ransomware can often be difficult to crack, but Mr. Liska nonetheless advised against

    paying the ransom.

    “That money is going to help make the bad guy’s job easier,” he said, noting that the perpetrator might use the

    proceeds to pay for better, more effective attacks.

    There’s also no guarantee that hackers will hold up their end of the bargain if a victim pays. That said, the hackers

    might release the files if only to show future victims that it’s worth paying, Mr. Liska said.

    In the case of the RobbinHood attack, for example, the creator or creators offered to decrypt up to three files at no

    cost, to show “we are honest,” according to a screenshot Mr. Abrams shared of the ransom payment page.

    The hackers even included a privacy statement.

    “I want to mention that your privacy is important for us, all of your records including IP address and Encryption

    keys will be wiped out after your payment,” it read.

    Photograph

    After it was hit by a ransomware attack, Baltimore immediately notified the F.B.I. and took systems offline, but not

    before several of them were affected. (PHOTOGRAPH BY GABRIELLA DEMCZUK FOR THE NEW YORK TIMES) DETAILS

    Subject: Malware; Digital currencies; Ransomware

    Business indexing term: Subject: Digital currencies Ransomware

    Location: Iran; Baltimore Maryland; Panama; Atlanta Georgia

     

     

    LINKS Check FindIt for availability.

    Database copyright  2022 ProQuest LLC. All rights reserved. Terms and Conditions Contact ProQuest

    Company / organization: Name: Baltimore Sun; NAICS: 511110

    URL: https://www.nytimes.com/2019/05/22/us/baltimore-ransomware.html

    Publication title: New York Times, Late Edition (East Coast); New York, N.Y.

    Pages: B.6

    Publication year: 2019

    Publication date: May 23, 2019

    Section: B

    Publisher: New York Times Company

    Place of publication: New York, N.Y.

    Country of publication: United States, New York, N.Y.

    Publication subject: General Interest Periodicals–United States

    ISSN: 03624331

    Source type: Newspaper

    Language of publication: English

    Document type: News

    ProQuest document ID: 2229028131

    Document URL: http://ezproxy.umgc.edu/login?url=https://www.proquest.com/newspapers/attacke

    d-with-ransomware-baltimore-isnt-giving/docview/2229028131/se-

    2?accountid=14580

    Copyright: Copyright New York Times Company May 23, 2019

    Last updated: 2021-03-15

    Database: New York Times

     

    • Attacked With Ransomware, Baltimore Isn’t Giving In
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.