Hacking is a mean and easy way to make a living for people with skill levels you’ll find in your own IT department. If you haven’t heard about what happened in Baltimore last week, then allow us to elucidate the situation. For the second time in a little over a year, the City of Baltimore was hit by a ransomware attack. In March 2018, criminals took down Baltimore’s 911 and emergency responders for about 17 hours. Last Tuesday, mail servers and other systems were hit with RobbinHood ransomware. Subsequently locking city workers out of their computers and encrypting their files. The hackers most likely gained access to the city’s systems through malware and email phishing, or unpatched public-facing systems.

The FBI has confirmed that this is a very aggressive ransomware attack. The message from the hackers demands either 3 Bitcoins per system (roughly $17,600), or 13 Bitcoins to release all of the systems ( about $76,280). The mayor has stated that Baltimore won’t be paying the ransom. Suffice it to say, the city has a long road ahead to get back online. Every fine and bill payment has to be manually handled by Baltimore’s citizens with cash or money order, and through the mail or in person. What are the steps organizations and city governments can take to strengthen cyber security?

How did this happen?

Malware and phishing can happen simultaneously or separately with the same end goal – to steal your personal information or get access to sensitive data and accounts. These kinds of attacks are due to human error. Through phishing, an employee might be asked to reset their password for a webpage masquerading as a commonly used application. With the account credential, an attacker can gain access to any resources that account is entitled. In a malware scenario, an employee might click a link or open an email attachment and unknowingly download a “RAT,” a malicious piece of software which gives remote access to the user’s endpoint in order to view, steal or encrypt data.

Defense Strategy

Our security team at Volta can provide solutions to mitigate the risk of these types of attacks.

  • MFA or Multi Factor Authentication: MFA requires information like username and password, plus a device like a smartphone. A text message or even a phone call is sent to your device to verify your identity. Volta can deploy or manage a couple different MFA solutions.
  • Secure email gateway: Email gateways have evolved to include URL sandboxing, malware sandboxing and other technologies to more effectively catch malicious emails before they are delivered.
  • EDR or Endpoint Detection and Remediation: More than legacy antivirus, EDR solutions can detect malicious files through machine learning, and sandboxing with a suite of policy-based solutions to contain and stop threats at the endpoint. Volta has the skills to install and run EDR tools correctly in your organization’s environment.
  • Password Manager: Enforcing complex passwords and giving your users tools like a password manager can improve your posture by discouraging password reuse across accounts. A password manager randomly generates strong account passwords and keeps track of them. The Volta Services Team can quickly implement a password management tool, and provide training to significantly improve your organization’s security hygiene.

Baltimore was breached through an unpatched public-facing system. Unpatched systems create exposures that lead to a large number of cyber attacks. Many businesses have a hard time staying on top of these vulnerabilities. Patching systems is a tedious task many IT admins put off, which is sometimes due to resource constraints or because the admins need to test patches for compatibility with critical systems. We are experiencing a notorious security skills shortage within the IT industry. Many organizations know they’re at risk, but they don’t have the people to allocate to patches and updates.

Utilize Managed Security Services

Volta supports multiple customers with managed security services to mitigate the risk of these kinds of cyber attacks. With managed vulnerability scanning from Volta, we will scan your systems for updates and activity. We then interpret and curate the results, placing items in order of urgency. Additionally, we provide a dedicated team to respond and implement immediate patches and updates.

Baltimore has many months of recovery ahead of them. As these cyber attacks on cities increase, it’s important that we educate ourselves on the best defensive solutions and tactics. Check out Volta’s security solutions here.