After a failed attempt to extort a ransomware payout from Clark County School District in Nevada, cybercriminals have dumped student and employee personal information onto hacking-related forums. While the initial ransomware incident was first reported on September 8th by the Associated Press, the Clark County School District was infected with malware on August 27th. Law enforcement and computer forensic investigators were brought in, and although it was too late to prevent the data from being stolen, a thorough investigation may lead to the identification of the people responsible for the crime. When more organizations refuse to pay the ransom demand and provide detailed information to investigators, the chances of stopping further criminal activity greatly increase.
Based on statistics from cyber insurance providers, ransomware accounted for over 41% of cyber insurance claims filed in the first half of 2020. However, while ransomware attacks are very common, they almost never happen without some technical indicators. Most ransomware operations take a few days after the initial intrusion to complete, as cybercriminals conduct reconnaissance of the network, seek out administrator credentials, and expand their span of control. In that time, the cybercriminals can be detected and evicted from the network, but only if proper detections are in place and a security team is monitoring those detections closely. Because of this, Binary Defense recommends the use of a 24/7 Security Operations Center, either staffed internally or provided by an expert security service provider such as our Security Operations Task Force.