A Florida city that paid a $460,000 ransom in June is still struggling to recover. Riviera Beach’s city computer systems were seized, causing havoc in the local police and fire departments. The attack began when a city employee unknowingly opened a malicious email document that downloaded the Emotet Trojan. Emotet then downloaded Trickbot, and together these two pieces of malware planted the RYUK ransomware, encrypting more than 16,000 gigabytes of city records. Even though the attackers provided the decryption key, the recovery process is slow, and city officials remain unsure whether they will recover all of their data.

The more people pay, the bolder attackers become. “These groups are always trying to find that sweet spot: What is enough someone will consider paying but not so much that they’ll say, ‘Forget that. It’s easier to rebuild,’” says Mark Orlando, chief technology officer for Raytheon Intelligence Information and Services. “This is a situation where that amount is going up, and we have reached a new high-water mark as to what is getting paid out.”

Maintaining secure backups is essential for recovery efforts, but avoiding a ransom situation altogether is obviously ideal. KnowBe4 offers a ransomware simulator tool, RanSim, to test your system. The purpose of RanSim is to “check if a workstation is well-protected with endpoint security software which would be able to detect and prevent real ransomware attacks.” RanSim will simulate 15 ransomware infection scenarios and 1 cryptomining infection scenario to look for vulnerabilities in your system.

You can download the latest RanSim at: https://www.knowbe4.com/ransomware-simulator

Photo by docoverachiever