In 2018, an interesting trend was noticed in cybersecurity circles. While cybercriminals were never afraid to lock horns with large businesses, they crossed a new limit and began to attack IT systems in municipalities. Many prominent cities in the USA were attacked by various ransomware strains, where the cybercriminals not only encrypted sensitive data but also disabled many public services. According to recent reports, one more municipal government has suffered a blow. This time the city is Plymouth (CT).
On Wednesday, the IT servers belonging to the city’s government were infected and their data was encrypted. According to Jeff Ziplow, a local cybersecurity expert, the systems of the municipality and local police department became corrupted in the aftermath of the attack. The ransomware is so far being called decrypt.txt ransomware; it is possible the name was coined from the file name of the ransom note.
So far, it has been established that the cybercriminals used deceptive emails to enter the municipality’s network. Afterward, they encrypted files, and the staff was no longer able to access their systems. As part of the ransomware removal and recovery process, the management chose to shut down the servers to ensure that the ransomware is isolated and does not manage to spread to other departments.
Ziplow revealed that they are currently attempting to find out the name of the ransomware and identify the variant. He termed the effect of the ransomware attack on the servers as “dramatic”. He expects to collaborate with the IT director to check all the servers, identify which of them were affected, and complete the ransomware removal process. So far, there have been two strategies to counter the ransomware. Firstly, it will be determined whether the ransomware is removable with a tool. If no tool succeeds, then restoration via backups would be the preferred contingency plan.
He also disclosed that the systems in the municipality used Microsoft Office 360 and that there is a chance two-factor authentication will be introduced in the office to improve the security of the systems.
Ziplow pointed out that municipalities, especially those in Connecticut, have recently been in the crosshairs of cybercriminals.
According to Ziplow, the ransomware created a text document containing a step-by-step guide on how the town could pay the ransom in the popular cryptocurrency bitcoin. The hackers promised ransomware removal in exchange for the ransom, though the management refused to bow down to their demands, a wise decision, as these hackers are not always true to their word.