The Canadian Ransomware Incidents
The town of Midland Canada has recently been ravaged by the aftermath of a ransomware attack. Ransomware is a type of malicious cyberattack that locks sensitive data on your computer behind ransom-walls. Attackers then demand payment in the form of physical or digital currency for the safe release of this information. It was reported that the city’s transit infrastructure was most heavily impacted, with all digital transactions and account management services having to be temporarily stopped.
Luckily, core infrastructure sectors such as rescue services and fire and water management were unaffected by the attack. This is because they were deliberately kept disconnected from the city’s IT network for security – an IT safety strategy known as network segmentation.
With no options remaining, the city of Midland was forced to succumb to the demands and paid an unreported amount of money for the return of their data.
Recently, ransomware attacks have been a common occurrence in Canadian towns. Wasaga Beach was also impacted earlier this year on April 30th by a similar incident. The town’s treasurer Jocelyn Lee stated that it took nearly two months of working with cybersecurity technicians and negotiations to finally clear the systems of the malware and return them to normal operation. It was reported here the town paid $34, 950 to recover the lost data.
In both of these cases, neither town has successfully determined how the ransomware infiltrated their systems.
No Guarantee of Safe Return
Payment of a cyberattacker’s demands does not even guarantee the unlock of the blocked information. It is common for ransomware software to not come with the ability to assign unique identifier keys to victim computers, making it impossible to know who paid the ransom fees. In other words, paying a ransom is a gamble on not only whether the attackers will uphold their word to release the information, but also on whether they can do so at all. Nevertheless, victims often have little choice but to comply to demands with the hope that their data can be recovered.
Furthermore, the unlocking of the data does not guarantee that the computer is free of other malicious software. It is possible and indeed common for attackers to further infect computers with other data-stealing or cryptojacking malware into their victim’s computers.
How To Protect Yourself
The city of Midland was able to contain the reach of the ransomware using a strategy called network segmentation. Typically, an IT network consists of a web of computers that are connected to each other, often over a server. This allows for the convenience of quick data and file transfer. However, these connections also act as bridges that malware can use to further infect other computers once it has established an initial host. This was the case in the Wannacry Ransomware epidemic of 2017. This malware was able to wreak havoc on many companies’ servers due to its ability to spread through these connections without further user input, a characteristic called ‘worm capability’.
Network Segmentation is a cybersecurity strategy that involves deliberately dividing your company’s network in order to reduce the bridges that malware can use to spread itself. By sacrificing a portion of daily convenience, it ensures that malware incidents can be quarantined. Critical computers, such as those with administrative access, are often completely disconnected from the network as they are prime targets for cyberattackers.
GigE Solutions can help your organization protect itself from ransomware attacks. Our technicians have years of cumulative experience designing and deploying cybersecurity strategies. Contact us at +1 888 366 4443 today!