Government vs. ransomware attacks

The past week gave us a glimpse into what an increasingly possible, widespread rash of ransomware attacks would look like in a worst-case scenario for America. An outbreak of similar penetrations wreaked havoc on Augusta, ME, Imperial County, CA, Stuart, FL, and Greenville, NC.

In Augusta, ME, the ransomware attacks affected municipal services ranging from the police dispatch system to the municipal financial systems, countywide billing services, automobile excise tax records, property tax assessor’s records, and even general assistance hotlines. Greenville, SC is said to be relying on paper forms currently, as its IT department sorts through the issue, while workers in Imperial County, CA, are using their personal email accounts along with Facebook to communicate with residents.

The specific variant of ransomware used is known as Ryuk ransomware, first identified on August 13th, 2018, and categorized as a hybrid between the Bitpaymer Ransomware and the Hermes Ransomware. The Bitpaymer ransomware strain uses an almost identical ransom note, but Ryuk’s encryption method is believed to be based on the Hermes ransomware variant.

Vulnerabilities in state and municipal networks are nothing new. Just last year, cybersecurity researcher Logan Lamb of Bastille Networks managed to breach Georgia’s supposedly secured election data by accident. As a result of his “white hat” hacking operation, spurred by curiosity inspired by stories regarding Russian election interference, Lamb was able to download over 14 GB of Georgia voter information. That information included registration records for 6.7 million voters. Lamb was also able to access the login credentials of poll workers assigned to work on Election Day.

We’ve seen accusations of foreign meddling, most notably in the 2016 American presidential election, that have sent the media into a frenzy and were a continuing theme of the almost two-year Mueller investigation.

Last week’s scare is significant in that, if a coordinated campaign of attacks against the network infrastructures of a major city were to occur, the number of affected Americans could potentially reach into the tens of millions instantaneously. That would have a catastrophic effect on services ranging from 911 and police dispatch systems to local hospital networks.

So how exactly does America protect her intricate and overlapping layers of network communications against criminals that have already shown a propensity for, and a measure of success in, negotiating their brazen illegal endeavors?

In Georgia, the election network vulnerabilities exposed by Lamb led to the proposal of a misguided piece of legislation known as SB 315. That bill looked to prosecute the activities carried out by “White Hat” and “Grey Hat” hackers that are an important part of developing network protections.

Thankfully, Governor Nathan Deal vetoed the bill. At the time Deal said, “Under the proposed legislation, it would be a crime to intentionally access a computer or computer network with knowledge that such access is without authority. However, certain components of the legislation have led to concerns regarding national security implications and other potential ramifications. Consequently, while intending to protect against online breaches and hacks, SB 315 may inadvertently hinder the ability of government and private industries to do so.”

Other efforts include California’s CA A 1906, which requires manufacturers of network-connected devices in the State of California to equip the devices with preinstalled security features that prevent remote control or access of the device. In the election-critical state of Iowa, a bill called “IA H 2252” seems to weaken protections related to the local election process. It “Changes the requirements for membership on the board of examiners for voting systems, allowing one member to have been trained in cybersecurity rather than requiring training in computer programming and operations.”

At the federal level, under last year’s Cybersecurity and Infrastructure Act (CISA), the federal government is shifting its mission towards “protecting the Nation’s critical infrastructure from physical and cyber threats,” while also seeking “collaboration among a broad spectrum of government and private sector organizations.”

Recent shakeups at the Department of Homeland Security are sure to have some level of effect on CISA implementation, but the faster that all levels of government find the perfect mix of collaboration, the safer we all are as the proverbial clock ticks towards another eventual cyberattack.