On November 9 and November 12, the computer systems of Union County and the city of Dover, respectively, were both targeted by a ransomware infection. Details in either case are still limited at this time; however, the attacks affected the internal networks of both governments to some degree before service was restored. The public agencies were able to contain the damage with external help from IT service firms.
Union County and Dover, Morris County, NJ Cyberattacks
The first attack occurred on a Saturday, so the Dover municipal government was not aware of the infection until the following Tuesday – the same day Union County’s network was hit, though Union County was able to respond to the incident much more quickly as it happened on a weekday. Both experienced a slowdown in their internal email servers, while the latter also saw some website assets affected. Statements from both governments claim that no data was lost and most services have been restored as of this writing.
Hundreds of Cities Infected with Ransomware
These cyber incidents follow a rapidly growing trend of public institutions being targeted by ransomware attacks. Hospitals, police departments and now municipal and state agencies are increasingly victimized by malware infections that encrypt databases and demand a payment to unlock those files. Baltimore, Philadelphia, and several cities throughout New Jersey are only a few of the many that have been assailed by malware infections.
These developments have not gone unnoticed and have been addressed at multiple levels of government. However, despite the efforts by local and federal agencies, ransomware continues to affect cities, states and private businesses across the country. This is because hackers know what techniques to use against overextended networks like those of public institutions and SMBs, including social engineering and exploiting popular applications like the Office 365 suite.
What is Ryuk and Why You Should Be Worried About It
Another worrying trend among many recent ransomware attacks – including the majority of reported incidents in NJ – is that the same type of malware was used in most cases: Ryuk. The profile of Ryuk makes it a huge concern, as researchers note that it is deployed almost exclusively for targeted attacks with critical files encrypted and larger ransoms demanded. Additionally (or perhaps, appropriately), this type of ransomware can be employed through several different methods and channels, and can delete all evidence of its presence.
This last factor reinforces the theory that many of the latest malware samples have something in common. It could mean that cybercriminals are copying each other, though it could also mean that they are actively sharing data and methodologies, or even that the same group is carrying out all of these attacks. The nature of the Dark Web makes it difficult, though not impossible, to consistently track down culprits.
NJ is a Prime Cybercrime Target
Of the now eight reported ransomware attacks in NJ, Ryuk was used in three – along with the Dover and Union County attacks, the Cherry Hill School District was also a victim of a breach by the same malware type. Besides these examples, all but the attack against Newark – which was hit by the similar SamSam virus – were attributed to unknown actors. The reality is that many (if not most) departments and businesses in New Jersey and nearby metropolitan areas do not disclose when they are hacked.
Ryuk has largely replaced SamSam as the ransomware of choice, but given the similar tactics between the two, the former’s rise was likely enabled by the lack of actionable information on the latter. This leads to victims falling for the same scams as those before them, as the data, knowledge and experience needed to spot infection vectors and respond to locked files are lacking.
Learn How to Defend Against Ransomware
SWK Technologies has firsthand experience with helping clients deal with ransomware (see how we helped Continental Food and Beverage, distributors of Inca Kola, save their files). We can provide you with tools and expertise to help you combat this growing threat and prepare your business to defend your network against malware infections.
Download our free Business Guide to Ransomware ebook to learn more about what to expect and how you can begin protecting yourself against what’s out there.