Redcar and Cleveland Council were attacked with ransomware on Saturday, February 8th. The council website is still not fully operational today, and this is only one of the consequences of the attack. Staff had to resort to pen and paper, and press reports claim the repair could cost between £11m and £18m.
The National Crime Agency (NCA) and National Cyber Security Centre (NCSC) have both been involved in the investigation and the recovery of the council’s systems. The council decided not to discuss the event in front of the public and press to avoid the disclosure of any sensitive information, giving no details on how they were compromised or the demands of the hackers.
Ransomware attacks usually come as an executable payload that tricks the user into granting it admin rights over the system. This is quite often paired with social engineering techniques that convince the user to download and run the program in the first place. Once the admin rights are secured, the malware will encrypt some of the computer’s data. Once a reboot takes place, ransomware usually shows a screen that requests the ransom amount with details on how to pay it.
Ransomware cannot pose a threat if it does not get a chance to. Here are some of the best tips and tricks to avoid a worst-case scenario:
Keep your operating system patched and up to date to reduce the number of vulnerabilities that can be exploited.
Don’t install software or give admin privileges to programs if you aren’t sure what they do.
Use antivirus software, as it can detect ransomware when it arrives and prevent it from running in the first place.
Make sure to back up your files, so you have a chance to restore them if you fall victim to ransomware.
For phishing, the general advice also applies: check the email address of the sender and don’t click any links or download attachments from emails you do not trust.
Recently in North Carolina, the City of Durham and Durham County Government IT systems were the victim of ransomware known as Ryuk. This occurred late in the evening on Friday, March 6. In comparison to Redcar and Cleveland Council, the malware in Durham had been contained and the city was in recovery mode by March 9, with some services remaining intentionally offline during the recovery process.