New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

Malware Attack Hits Government of Montgomery County, Ohio

The Clerk of Court for the government of Montgomery County, Ohio reported that the county’s computer network was the victim of a malware attack recently, which caused problems for several different county departments. The county court’s E-filing system was down, forcing county residents to fax documents or appear in person to file documents with the court. The Clerk of Court Mike Foley stated, “During this COVID-19 pandemic, it certainly appears that computer networks are even more vulnerable to attacks and the government is no exception.”

In another recent malware attack against a local government, Duncannon borough in Perry County, Pennsylvania paid attackers over $40,000 in total to restore files encrypted by ransomware. The attackers initially demanded $50,000 but negotiated down to $35,000. After receiving the payment, some of the files were decrypted but other files on a virtual server were still not restored. The attackers demanded another $10,000 to decrypt those files but reduced the demand to $5,780. The borough said that they were reluctant to pay the criminals, but all files were eventually restored, and the government is adding more robust security measures as well as additional backups for the future.

Analyst Notes

The strongest position for any company or local government is to detect intrusions and stop them before attackers have the chance to deploy ransomware or cause major disruptions. If files are encrypted by attackers, then it is important to have backups stored in a secure off-site location so that operations can be restored quickly. Many ransomware attacks threaten to publicly release stolen data if extortion payments are not made, which further complicates recovery even if there are backups available. To avoid all of the expense and downtime associated with recovering from a ransomware attack, workstations and servers should be monitored by security analysts to detect attackers by recognizing unusual events and attacker behaviors, responding quickly to isolate infected computers and cut off attacker’s access while they are still in the exploratory phase.