Pensacola confirms ransomware attack | DigitalMunition

Pensacola
officials confirmed that an ongoing
cyberattack that began early Saturday morning is a ransomware attack.

While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that Mayor Grover Robinson initially declined to discuss.

Jeff
Bergosh, District 1 Commissioner on the Escambia Board
of County Commissioners, posted a letter from the City
of Pensacola IT department, describing actions taken in the wake of the
attack, including notifying its SOC and increasing its alert activity as well
as notifying DHS and monitoring firewall and antivirus logs.

The city
realized it was under attack Saturday morning not even 24 hours after a Saudi airman shot and killed three members of the U.S. military at the
Pensacola Naval Air Station.

Other Florida cities have fallen victim to ransomware attacks
this year, with attackers hitting up Lake City for a $460,000 ransom, which it
paid. Lake City’s move mirrored one made earlier by Riviera Beach, Fla., when it opted to pay
$600,000 to its attackers.

 Municipalities
have become a target for ransomware attacks, given the necessity of keeping
systems up and running and the propensity to pay up. “Hackers clearly believe they have found a productive business venture
in hitting municipal governments with ransomware,” said Aaron Branson, vice
president at Netsurion. The combination of decentralized systems, lackluster
network monitoring making an attack feasible and the pressure of angry citizens
making payout more probable, 2019 has been the year of municipal ransomware.”

The attacks are sometimes direct while
others are done “via hacking a managed IT service provider servicing multiple
municipalities,” Branson said.

Steve Moore, chief security strategist at Exabeam, said
organizations can take several steps “to increase their chances of detecting
and disrupting motivated adversaries”

Noting that “ransomware attacks are simple in delivery yet
difficult to prevent– especially since infections usually disguise themselves
as innocent attachments or email links,” Moore said, “companies can educate their
staff, but there’s no guarantee someone won’t slip up eventually – it only
takes one.”

Ransomware also presents challenges because it “updates
continuously—at least once every 24 hours,” he said. “Interestingly, these
attacks are often entirely successful on fully patched systems with
industry-leading anti-malware software installed.”

Moore said organizations need to reduce “undocumented
business processes that hide within the inbound email” and add greater
capabilities for the defender. “For the defender, there must be improvements in
their time to ask (TTA) questions, such as ‘which account or asset is
associated with this alert?,’ ‘what happened before?,’ ‘has anyone from
accounting ever signed into this business application before?’ and ‘did any
other executive receive an email from this account yesterday?’” he said.

Comments are closed.