D.C. CCTV system targeted by ransomware
By MDL on February 17, 2017
HEADLINE:
D.C. CCTV system targeted by ransomware before inauguration day, U.K. arrests two in connection to attack
Washington D.C. city officials say that 123 out of 187 video recorders in the city-wide CCTV system were infected with ransomware that left them unable to record images for two days just a week ahead of President Trump’s inauguration day on January 20th.
The D.C. Chief Technology Officer reported that a ransom was not paid and that infected devices were taken offline while software was reinstalled.
The U.K. National Crime Agency (NCA) arrested one male British citizen and one female Swedish citizen in connection to the ransomware attack at the request of the U.S. government.
BOTTOM LINE:
Ransomware is on the rise. Incidents of ransomware are increasing, and all organizations should have a plan of action in place before ransomware strikes.
Experts say, “Don’t Pay!” Ransomware is a growing phenomenon because targeted organizations have been paying. According to a Ponemon study, up to 48% of victimized organizations have paid the ransom.
Find the holes, fix the holes. There was no mention made to indicate whether or not the vulnerabilities that allowed the CCTV system to be targeted had been identified or patched. Getting the video recorders working again is good. Making sure they are no longer vulnerable to the same type of attack is better.
It’s all about the $. The purpose of a ransomware attack is to disrupt a targeted organization’s normal working operations so thoroughly that they will pay money to be able to get back to work as quickly as possible. Ransomware is not about making political statements or stealthily stealing data. Even though the D.C. CCTV ransomware attack coincided with preparations for an important political event like the presidential inauguration, the attack appears to be motivated by money and not politics or theft of information.
Sources:
Washington Post
Hackers hit D.C. police closed-circuit camera network, city officials disclose
Two people arrested in U.K. in hacking of D.C. police closed-circuit camera network
SC Magazine
U.K. arrests two for hacking Washington, DC CCTV system
Ponemon Institute
CSO Online
To pay or not to pay: Too many victims say yes to ransomware
Krebs On Security
Before You Pay that Ransomware Demand…
-
The Weakest Link: DoD Data Exposed by Third-party
The Weakest Link: DoD Data Exposed by Third-party
11/1/2019 -
New York Financial Companies must comply with cybersecurity regulation
New York Financial Companies must comply with cybersecurity regulation
3/29/2019 -
Global Weekly Executive Summary, 02 November 2018
Global Weekly Executive Summary, 02 November 2018
11/7/2018