All is well here at Woesnotgone Meadow, where everyone has above average bandwidth.
In the Meadow, we have our municipal office, which manages the Meadow’s business and works with our citizens. The Meadow has maintained its presence under the radar and has been fortunate to not have been attacked. Akron, OH, however, has not been this lucky.
The city’s computers were the targets of the attack. The attack succeeded, and ransomware was deployed on the city’s systems. Curiously, this was the 2nd time the city was successfully attacked. The first was in 2013.
Once the successful attack was detected, the city knew there was a significant issue. The attack shut down a majority of Akron’s 311 system. This also affected other critical software and hardware systems. Fortunately for the city, the attack wasn’t nearly as in-depth and devastating as it could have been.
The attackers demanded a six-figure sum for the decrypt key. Without the funds, the decrypt key would not be provided. This potentially would have been devastating. With the city’s data and information encrypted, workflow and recordkeeping could have been crippled and operations pushed back into the 1950s with paper and pencil.
The city did not respond to the attackers. The city had the foresight to have daily back-ups done. Without this in place, the attackers would have had significantly more leverage on the city. The city ended up restoring the files from the day before, so the workers only had to enter one day’s worth of work.
On the legal side, the city contacted the FBI and Ohio Highway Patrol. The Akron mayor also asked the governor for assistance from the Ohio National Guard’s 172nd Cyber Security Protection Team.
The attack shows the importance of not only active monitoring of the system, but also back-ups. The back-ups were integral to reducing the attackers’ leverage. They allowed the city to restore the data from the day before, without spending the money to attempt to secure the decrypt key. Without them, the city would have been left to make a large payment and hope the decrypt key was provided. The back-ups were also done on a daily rotation, which allowed not only for the restore but also for a minimal amount of data having to be rekeyed or otherwise incorporated into the data.
With this case and many others, the rule to apply is to back up, and to check the back-ups to ensure they are not corrupted.
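One way to apply that rule, as an added example that is not part of the original article: record a SHA-256 manifest when the daily back-up is taken, then check the back-up set against it before relying on it for a restore. The function names, the one-day threshold, and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path

MAX_AGE = 24 * 3600  # assumption: daily rotation, as in the Akron case

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Run at back-up time; keep the result where the backed-up hosts cannot write."""
    root = Path(root)
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"created": time.time(), "files": files}

def verify_backup(root, manifest, now=None):
    """Return (problem, detail) tuples; an empty list means the set matches."""
    now = time.time() if now is None else now
    problems = []
    for rel, expected in manifest["files"].items():
        p = Path(root) / rel
        if not p.is_file():
            problems.append(("missing", rel))
        elif sha256_file(p) != expected:
            problems.append(("corrupted", rel))
    extra = set(build_manifest(root)["files"]) - set(manifest["files"])
    problems += [("unexpected", rel) for rel in sorted(extra)]
    if now - manifest["created"] > MAX_AGE:
        problems.append(("stale", "manifest older than one day"))
    return problems

def demo():  # constructed sample data: a tiny fake back-up set, then simulated damage
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "311").mkdir()
        (root / "311" / "tickets.db").write_bytes(b"ticket records")
        (root / "payroll.csv").write_bytes(b"id,amount\n1,100\n")
        manifest = build_manifest(root)
        clean = verify_backup(root, manifest)
        (root / "payroll.csv").write_bytes(b"\x00" * 16)  # overwritten in place
        (root / "311" / "tickets.db").rename(root / "311" / "tickets.db.locked")
        damaged = verify_backup(root, manifest)
        stale = verify_backup(root, manifest, now=manifest["created"] + 2 * MAX_AGE)
        return clean, damaged, stale
```

A hash match only shows the files are unchanged since the back-up was taken; a periodic test restore is still what proves the data can actually be brought back.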
Thanks for visiting Woesnotgone Meadow, where the encryption is strong, and the O/Ss are always using the latest version.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.