In the mid of July 2018, the Mat-Su (Alaska) management went on to discover an anomaly in their network. The IT department from Mat-Su Borough chanced upon a malicious piece of code—a Trojan to be exact—directed at its network. The discovery came thanks to the installation of a new ant-virus tool that proved to be efficient in ransomware removal.
Afterwards, help poured in as professionals from federal, state, and private cybersecurity firms assisted in restricting the attack and speeding up the restoration processes.
Later FBI’s unclassified bearing emerged during September which revealed that while the Mat-Su ant-virus solution functioned well in identifying and tackling the Trojan cyberthreat, the IT staff was unable to realize a major fact: other types of malware like ransomware also entered in the network.
Eric Wyatt—the Matanuska-Susitna’s IT Director—explained that the cyberthreat utilized several malware components to fool various security layers for a successful infiltration. He labelled the attack as “Advanced Persistent Threat”.
As the week ended, the most dangerous part of the virus emerged: CryptoLocker Ransomware. As a consequence, data from almost 500 of the workstations belonging to Mat-Su Borough was encrypted while out 150 servers of the borough, only 30 could escape the ransomware infection, meaning that the remaining 120 servers got hit.
John Moosey—manager at Mat-Su Borough—stated that these cybercriminals follow a special sequence: First, they get hold of the data; then they encrypt it and lock access; and lastly they quote a figure for ransomware removal in the form of Bitcoin—sent to an international location like Sweden. Thus, the entire organization becomes a hostage for a paltry sum of $400,000.
However, ultimately the Mat-Su Borough had the last laugh; prior to the attack, they had invested in cybersecurity insurance.x