Ryuk ransomware has been used to lock up files at Boston’s Committee for Public Counsel Services, a public defenders office that provides lawyers to those who cannot afford them, The Boston Globe reports.
Fortunately, the agency was able to refuse to pay a cryptocurrency ransom demanded in the attack because it possessed external backups of the affected files, and the virus deployed does not appear to have extracted data.
The work of removing the ransomware and the Trojan virus used to locate sensitive files, however, has required that the agency’s entire computer system be taken offline for maintenance.
According to The Globe, “If left in place, the viruses could spread or activate the ransomware again.”
The maintenance has resulted in a “weekslong slowdown” of the committee’s work, the disabling of its email systems, and the delaying of about 100 trials as well as delays in payments to lawyers.
One affected trial involves a case of sexual assault against a child, which was set to go before a judge on March 25th.
That case will now not commence until the end of May.
Jake Wark, a spokesperson for the Suffolk district attorney’s office, said the delay of this case could extend the alleged victim’s suffering:
“It can be very difficult for any sex assault victim to psych themselves up to testify, only to find that date has been pushed back.”
Lisa M. Hewitt, general counsel of the committee, told The Boston Globe that the attack has added to the workload at the committee, but that staff are determined to meet the challenge:
“It’s been a burden, but our staff has risen to the challenge, and we are in a day-to-day environment trying to represent our clients as zealously as we [always] strive to do.”
Ryuk ransomware, which originated in Russia, has been used against multiple public and private targets in the US, including attacks last Christmas on newspapers owned or formerly owned by Tribune Publishing.
According to ZDNet, systems locked by Ryuk ransomware in the newspaper attacks:
“…stymied distribution of the West Coast editions of the Wall Street Journal and New York Times…(and resulted in) The print editions of the Chicago Tribune, Lake County News-Sun, Post-Tribune, Hartford Courant, Baltimore Sun, Capital Gazette, and Carroll County Times…(being) published Saturday without paid death notices and classified ads…”
According to Recorded Future cybersecurity analyst Allan Liska, public agencies are preferred targets in these attacks:
“They just don’t have the budget that other types of targets do. And because they have an obligation to respond to their constituents, they’re more likely to pay.”
Liska advised against paying ransoms to hackers if it can be avoided.
Boston’s Committee for Public Counsel Services believes the ransomware may have entered its computing systems through an infectious link included in a phishing email to an employee.
The Philadelphia Inquirer recently published simple and effective steps small organizations can take to enhance their cybersecurity, including:
- Make sure anti-virus and anti-malware software is in place and subscribed for regular updates. Keep subscriptions up to date. These services are the bare minimum “prophylaxes” needed when “coming into contact with” the Internet.
- Train yourself and your staff. Very often, malware is introduced onto an enterprise’s or institution’s computer system via a phishing email designed to entice the recipient into clicking an infected link. In some cases, specific staff at a target have been intimately profiled and an email crafted to seduce them specifically. For example, a crypto exchange employee was phished using “a nearby dog show email.” After the employee clicked on a link in the email, the exchange was subsequently robbed. Advise staff to eschew opening emails from unknown senders unless they consult with office security personnel first. Consider conducting regular online security tests of employees.
- Back up all files to a cloud service or to external hardware. While this will not resolve data security problems resulting from the theft or locking of company data, it can take the sting out of an attack and could prevent you from having to pay a crypto ransom and having business operations indefinitely suspended.
- Keep all operating systems updated. Update all browsers and apps as well. Hackers regularly “hammer” popular software to unearth weaknesses and detect bugs. Updates contain important patches that close these vulnerabilities.