Reported Ransomware Attacks are Horrifying

There are dozens of reported ransomware attacks in the U.S. Many are in the public sector where disclosure rules force these entities to make these issues public. Cloud security solutions provider Armor recently put together a list of these entities who have been hit.

They identified the City of Borger, Texas is among the 23 local Texas government organizations hit by ransomware on August 16th 2019.   There have been a total of 68 publicly reported ransomware attacks since January against municipalities, including the 23 in Texas.  As of today, Texas leads the nation in the number of municipalities which have fallen victim to ransomware, they are currently up to 30 victims,  followed by Georgia with 9,  Florida and New York with 8,  and Ohio with 7, etc. We were surprised to see Connecticut with 3 reported cases – relative to the population, this is a significant number. Connecticut has a population of 3.6 million while New York has 19.5 million.

See the full list is at the bottom.

Armor has tracked 134 U.S. organizations which have been infected with ransomware since the beginning of the year. Municipalities make up the largest portion.  This is followed by healthcare organizations and school systems.  The remaining victims fall into a variety of different industries including entertainment, law enforcement, etc.

States with Most Ransomware Incidents Affecting Municipalities

As of today, Texas leads the nation in the number of municipalities which have fallen victim to ransomware, they are currently up to 30 victims,  followed by Georgia with 9,  Florida with 8, along with New York, Ohio with 7, etc. . See the full list below.

Texas: 30 (with 23 announced August 16)

  • Georgia: 9
  • New York: 8
  • Florida: 8
  • Ohio: 7
  • California: 7
  • Pennsylvania: 6
  • Washington: 5

134 U.S. Organizations Publicly Reported Victims of Ransomware in 2019

Out of the 134 victim organizations compromised by ransomware in 2019 in the U.S. (See the full list of victim organizations at the end of this document),  municipalities make up the largest portion.  This is followed by healthcare organizations and school systems.  The remaining victims fall into a variety of different industries including entertainment, law enforcement, etc.

  • 68 attacks on municipalities
  • 23 attacks on healthcare systems
  • 16 school systems, colleges or universities
  • 7 law enforcement agencies
  • 3 managed service providers (MSPs)
  • 3 radio stations
  •  2 media companies
  • 2 large airport
  • 1 synagogue
  • 1 charity
  • 9 other

The High ROI of Ransomware

Compared to the amount of money a ransomware operation can generate, the cost of getting into the ransomware game is negligible.  Take for example, the threat actor (s) that hit Riviera Beach, Florida, they made off with $600,000 in one attack.  The threat group that hit Lake City, Florida with the Ryuk ransomware collected $460,000 in one haul. 

To get an idea of how inexpensive ransomware and ransomware-as-a -service (RaaS) solutions are being sold for on the Underground Hacker Markets, Armor’s Threat Resistance Unit (TRU)  went into the Dark Web and found the following ransomware and RaaS offerings being advertised.  

Generic Ransomware $225
Generic Ransomware $660
Inpivx Ransomware Ransomware +Panel +Tutorial= $500  Ransomware-only-$300 Panel-only – $200
Ranion-(RaaS) 12 months $900 6 months $490 1 Month  $120
Megacortex Ransomware $1,000 or €1,000 +10% of ransom
       

The creators of the Inpivx ransomware offer to sell the source code to their panel, the ransomware and a tutorial for only $500. Or buyers could buy the components separately. 

Inpivx pricing:

  • Inpivx Ransomware + Panel + Tutorial = $500
  • Inpivx Ransomware-only – $300
  • Inpivx Panel-only – $200

Popular Ransomware Families

According to news reports, the ransomware which hit the local Texas governments is called .JSE ransomware. It is also sometimes referred  to by anti-virus vendors as Nemucod, the downloader trojan which has been seen dropping the ransomware onto infected computers.  This ransomware family is only one of hundreds of different ransomware families identified by Armor’s (TRU) research team and by the security research community.  Other notable ransomware families which are making their mark in 2019 include: 


An Ounce of Prevention is Worth a Pound of Cure

From the rash of ransomware attacks which have occurred this year, if there is any lesson to be learned and only one preventive measure which can be taken is that organizations must utilize OFFLINE BACKUP STORAGE of all critical data, applications and application platforms.  They must ensure that these are backed up, password- protected and air-gapped from the Internet and ensure that they have multiple copies.

Other Key Ransomware Protection Tips  Include:

  • White Listing Solution – limits the use of applications and processes that are allowed to run in your environment by providing a short list of approved applications and processes. Like a VIP List for your PC, if it’s not on the list, it’s not allowed.
  • File Integrity Monitoring—Monitors your IT environment 24x7x365 for changes to critical OS,  files and processes such as directories, registry keys, and values.  It also watches for changes to application files,  rogue applications running on the host and unusual process and port activity, as well as system incompatibilities.
  • Practice Least Privilege Access Control –ensure the user has the least privilege for their job. This also applies to services.
  • Audit/Penetration Testing from Independent, Third-Party Experts—to ensure that you are implementing best practices. 
  • IP Reputation Monitoring/Blocking—blocking bad known bad infrastructure and actors 
  • Continuous Security Awareness Training – educate employees about current and emerging cybersecurity risks and phishing emails. Effective training should actively engage employees and include policies concerning the correct response to suspected phishing attempts.
  • Endpoint Protection Solution – includes protection, detection and response capabilities for laptops, workstations and mobile devices. Utilizes antivirus (AV) and antimalware (AM) to block cyber attacks. It is also used to quickly detect and remediate any malicious activity or infection that has made its way onto the endpoint.

Want more? We have further put together cybersecurity essentials – a simple list which will help most organizations become far more secure. Some of our list overlaps with the above.

Please go to a phishing simulation vendor now and sign up for one of their offerings. Phishing BoxKnowBe4 and Phish360 are all great.

We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately.

Finally, learn about the latest in the ChannelMSPs and Cybersecurity at the world’s only #TechSuperShow, ITEXPO, Feb 12-14, 2020 Fort Lauderdale, FL.

Publicly Reported Victims of 2019 Ransomware Attacks

Vertical Name City State
Education Bridgeport Public Schools Bridgeport CT
Healthcare Southern Hills Eye Care Sioux City IA
Law Enforcement Salisbury Police Department Salisbury MD
Healthcare ActivYouth Orthopedics Paramus NJ
Municipality City of Akron Akron OH
Law Enforcement Lamar County Sheriff Lamar County TX
Municipality City of Del Rio Del Rio TX
Healthcare Columbia Surgical Specialists Spokane WA
Municipality City of Sammamish Sammamish WA
Healthcare Southeastern Council on Alcoholism and Drug Dependence New London CT
Municipality Town of Colchester Colchester CT
MSP Florida ISP Talahassee Talahassee FL
Payroll Apex Human Capital Managament Roswell GA
Education Augustana College Rock Island IL
Education Park Rapids Public Schools Park Rapids MN
Education Taos Municipal Schools District Taos NM
Education Crosby ISD Crosby TX
Media Urban One Media Atlanta GA
Municipality Jackson County Jefferson GA
Education Grinnell College in Iowa Grinnell IA
Healthcare Brookside Medical Center Battle Creek MI
Municipality Orange County Hillsborough NC
Other Arizona Beverages Company Woodbury NJ
Education Hamilton College in New York Clinton NY
Municipality City of Albany Albany NY
Education Oberlin College Oberlin OH
Law Enforcement Fischer County Sheriff Fischer County TX
Municipality Garfield County Panguitch UT
Healthcare Shingle Springs Health and Wellness Center Placerville CA
Municipality Imperial County El Centro CA
Municipality City of Stuart Stuart FL
Media The Weather Channel Atlanta GA
Municipality Stone Mountain Park Association Stone Mountain GA
Education Sugar-Salem School District Sugar City ID
Healthcare Quantum Vision Centers Swansea IL
Municipality Howard County Kokomo IN
Municipality Daviess County Library Owensboro KY
Healthcare ResiDex Software Boston MA
Municipality Leominster Public School District Leominster MA
Nonprofit Fathers Bills and Mainspring Quincy MA
Municipality Genesee County Flint MI
Municipality City of Greenville Greenville NC
Other Cleveland Hopkins International Airport Cleveland OH
Municipality Potter County Amarillo TX
Other Asian Art Museum San Francisco CA
Municipality City of Rivier Beach Riviera Beach FL
Healthcare Talley Medical Surgical Eye Associates Evansville IN
Healthcare Kansas Heart Hospital Wichita KS
Municipality Louisville Airport Louisville KY
Healthcare Imperial Health Lake Charles LA
Municipality City of Baltimore Baltimore MD
Municipality Lansing Board of Water & Light Lansing MI
Education Oklahoma City Public Schools Oklahoma City OK
Municipality City of Washington Washington PA
Municipality Philadelphia Online Courts Philadelphia PA
Municipality Luzerne County Courthouse Wilkes-Barre PA
Healthcare Bayamon Medical Center/PR Women’s and Children’s Hospital Bayamon, Puerto Rico PR
Municipality Hutchinson County Yankton SD
Municipality City of Edcouch Edcouch TX
Municipality City of Laredo Laredo TX
Healthcare Wickenburg Community Hospital Wickenburg AZ
Healthcare Marin Community Clinics Novato CA
Healthcare Estes Park Health Estes Park CO
Municipality City of Lake City Lake City FL
Media WMNF Radio Tampa Bay FL
Municipality Office of the Courts and Judicial Council Georgia Atlanta GA
Healthcare Park DuValle Community Health Louisville KY
Municipality Strafford County Dover NH
Transportation A. Duie Pyle Carteret NJ
Healthcare Olean Medical Group Olean NY
Healthcare Seneca Nation Health System Salamanca NY
Healthcare NEO Urology Boardman OH
Municipality Fayette County Fayette County OH
Education Sul Ross State University Alpine TX
Law Enforcement St. Johns Virgin Islands Police St. Johns Virgin Islands VI
Healthcare Gray’s Harbor Commnuity Hospital Aberdeen WA
Education Houston County Schools Ashford AL
Municipality Gila County Gila AZ
Media KHSU-Humboldt State University Humboldt County CA
Other CorVel Irvine CA
Municipality City of Lodi Lodi CA
Municipality Key Biscayne Key Biscayne FL
Law Enforcement Lawrenceville Police Department Lawrenceville GA
Law Enforcement Georgia Department of Safety Atlanta GA
Municipality Henry County Henry County GA
Media CHR WCIL (101.5), Z100 WOOZ and news/talk WJPF (1020/1340) Carbondale IL
Other Draper, Inc. Spiceland IN
Municipality LaPorte County LaPorte IN
Municipality Vigo County Vigo County IN
Education Louiaina Public Schools Sabine Parish LA
Municipality New Bedford County New Bedford MA
Healthcare Truman Medical Centers Kansas City MO
Law Enforcement Lincoln County Sheriff Lincolnton NC
Education Gadsden Independent School District (GISD) Gadsden NM
Education Lyon County School District Yerington NV
Municipality Westchester County Library White Plains NY
Education Monroe College New York NY
Education Syracuse City School District Syracuse NY
Municipality Onodaga County Syracuse NY
Municipality Richmond Heights Polie Department Richmond Heights OH
Education Broken Arrow Public Schools Broken Arrow OK
MSP PM Consultants Portland OR
Municipality Butler County Federated Library System Butler PA
Other Unnamed Business? Greenburg PA
Healthcare Net Health Pittsburgh PA
Municipality Newport Public Schools Newport RI
Municipality Town of Collierville Collierville TN
Education Northwest Indian College Bellingham WA
MSP iNSYNQ-MSP Quickbooks Accounting Gig Harbor WA
Other Ohev Shalom Synagogue Maitland FL
Healthcare Eye Care Associates Beaver Township OH
Municipality Texas DPS, DHS -Austin* Austin TX
Municipality Texas DPS, DHS -Austin* Borger TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX
Municipality Texas DPS, DHS -Austin* Local TX

 

Share via
Copy link
Powered by Social Snap