According to
Kaspersky security
experts, 2019 has seen a significant spike of ransomware attacks on
municipalities. This conclusion comes after the company's researchers observed
at least 174 municipal institutions with more than 3,000 subset organizations
have been targeted by ransomware throughout the last year. This represents a
60% increase from the same figure in 2018.
Ransomware is notorious in the corporate sector for
financial devastation and has affected businesses around the world for several
years. This year has seen rapid development of an earlier trend where malware
distributors have targeted municipal organizations. Researchers note that while
these targets might be less capable of paying a large ransom, they are more
likely to agree to cybercriminals' demands. Blocking any municipal services
directly affects the welfare of citizens in financial losses as well as other
significant and sensitive consequences.
When considering publicly available information, ransom
amounts have varied greatly with highs reaching up to $5,300,000 and $1,032,460
on average. Researchers note that these figures do not accurately represent the
final costs of an attack, as the long-term consequences are far more
devastating.
The malware that was most often observed were varied, yet
three families were named as the most notorious by Kaspersky researchers: Ryuk,
Purga and Stop. Ryuk appeared on the threat landscape more than a year ago and
has since been active all over the world in public and in the private sector.
Its distribution model usually involves delivery via backdoor malware which
spreads by the means of phishing with a malicious attachment disguised as a
financial document. Purga malware has been recognized since 2016, yet only
recently municipalities have been discovered to fall victims to this Trojan
having various attack vectors from phishing to brute force attacks. Stop
cryptor is relatively new as it is only a year old. It propagates by hiding
inside software installers. This malware continues to be prevalent, ranking at
number seven in the top 10 most popular cryptors ranking of Q3 2019.
"One must always keep in mind that paying extortionists
is a short-term solution which only encourages criminals and keeps them funded
to quite possibly repeat the same acts," said Fedor Sinitsyn, a
security researcher at Kaspersky. "In addition, once a city has been
attacked, the whole infrastructure is compromised and requires an
incident investigation and a thorough audit. This inevitably results in costs
that are in addition to the ransom requested. Based on our observations, cities might
be inclined to pay because they usually cover the cyber risks with
help of insurance and allocating budgets for incident response. The better
approach would be to invest in proactive measures like proven security and
backup solutions as well as regular security audit. While the trend of attacks
on municipalities is only growing, it can be stifled by adjusting the approach
to cybersecurity and what is more important by the refusal to pay ransoms and
broadcasting this decision as an official statement."
To read more about Kaspersky's story of the year, please
visit Securelist.com.
The full list of Kaspersky Security Bulletin stories with
results from 2019 and predictions for 2020 is available here.