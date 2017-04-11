Predictive analytics can stop ransomware dead in its tracks

This past February marks the two-year anniversary when Livingston County, Michigan, was hit by ransomware. The wealthiest county in the state had three years’ worth of tax information possibly at the mercy of cybercriminals.

As a local government, county CIO Rich C. Malewicz said they have been a target of ransomware, but in this instance they had backups at the ready. He said the most memorable ransomware attack was a result of a watering hole campaign using malvertizing to infect users visiting a local news website.

“This attack was very clever in that all you had to do to get infected was visit the website, you didn't even have to click on the page. Once the user went to the local news website, they were immediately redirected to a site hosting exploit code and the infamous page appeared demanding a ransom with instructions,” he said.

The attackers embedded malicious code in the iframe that redirected the users to the exploit landing page. The ransomware spread to several PCs and servers before it was contained.

“We were fortunate enough to have a working backup of the data and we recovered shortly after. If we didn't have a working backup this could have been a disaster,” Malewicz said.

Aside from the loss of personally identifiable information of the 188,000 citizens of the county, the government would have been looking at the labor cost to replicate the documents on top of the damage to its reputation. The county’s network is also shared with public safety entities as well as educational institutions.

“It's pretty clear that local government is a primary target of ransomware attacks, mainly because they have lagged so far behind the private sector in terms of cyber protection, many don’t have working backup solutions - if any at all, and they tend to pay the ransom,” he said.

Recent headlines show public safety agencies and local governments will pay the ransom, so they are targeted even more - attackers will migrate to the industry that tends to pay the ransom and to those that have an inadequate cybersecurity posture. Case in point the Tewksbury, Mass., police paid the ransom four or five days after they could not break the encryption and needed the attackers to send them the private key in order to access the data.

“Protecting an organization from ransomware or any type of malware is similar to an arms race, as the threat evolves so must your defenses!” Malewicz said.

The county turned to predictive analytics in hopes of halting the ransomware attacks. Livingston County uses Unitrends backup solution to provide Malewicz's team peace of mind that in the event our cyber defense fails.

