Ransomware has been in the headlines for years. As a reminder: ransomware is defined as a type of malicious software designed to block access to a computer system until a sum of money is paid.
Last week I was talking about the 25and anniversary of our company on our podcast.
Twenty-five years ago, cybersecurity was not a priority for most of us. Ransomware did not exist by current definitions.
Fake faxes and emails about paying “legal fees” to get your $10 million diamond inheritance were the most common threat at the time.
These days – every day – I bet everyone reading this knows of an organization they work with that is dealing with some kind of “cyber incident”.
But what happens when a government is affected? In recent years, several municipalities in Florida – Rivera, Stuart, Tallahassee, Naples, Lake City, Key Biscayne – have all had to deal with cyber incidents.
Depending on the nature of the attack, imagine the potential impact.
Fire, electricity and other utilities, police, prison, ambulance, garbage collection; there’s a reason why these municipalities paid the ransom (although as a general rule you shouldn’t; that just keeps them going and looking for the next victim).
Unlike the others, the Tallahassee situation in 2019 was not ransomware; it was a different type of attack. Speaking of which, USA Today published this article describing the theft of city funds here in Leon County written by Karl Etter the Tallahassee Democrat; I contributed to it.
I don’t just write about cybercrime. In our business, we live it – fighting hacking attempts and cybercrime every day for our customers.
A few years ago, I witnessed first-hand a county-level ransomware attack in Florida. It interrupted all services for several days. They will remain anonymous and kudos to them for not paying a ransom like some of the other entities mentioned here by name.
The county was restored from backup (with our help) and continued business as usual. These instances were brutal and disruptive, but what happens when they hit on a higher level?
This week in Costa Rica, the national government is dealing with a cyberattack that is impacting the whole country in one way or another, not just all of the services mentioned.
Let’s hope their armed forces are not affected.
Conti, the Russian hacking gang, was behind the attack and they are not just asking for money like in a normal ransomware attack. They threatened to overthrow the government (well, it quickly degenerated, as the saying goes).
Could an online hacking gang do this? They threaten to delete critical systems and demand a massive ransom ($20 million). But overthrow the government?
Although this is a terrifying notion, it is extremely unlikely to happen.
President of Costa Rica Rodrigue Chaves declared a national emergency and the United States jumped to the aid of Costa Rica, with the State Department offering a $10 million reward for information leading to the Conti gang’s capture.
The Conti Group has released the following (according to the Associated Press): “We are determined to overthrow the government by means of a cyberattack, we have already shown you all the strength and power, you have introduced an emergency.”
It’s not the first time we’ve heard Conti’s name. The FBI estimates they were involved in 1,000 successful hacks with over $150 million paid by victims.
While this is staggering, this appears to be their first attack on a diet.
The relevant departments appear to be the Ministries of Finance, Labour, Social Security and others, but the details keep coming in as this is happening right now.
What does this mean for us in Florida? When your IT department says don’t click on something suspicious, don’t! Ransomware most often arrives via email. When IT says they need to increase their budget for redundant backups, two-factor authentication, advanced threat blocking, remediation and threat isolation tools, say yes.
And when it’s time to renew your firewall and anti-virus defenses, be sure to do so.
What is happening in Costa Rica could happen anywhere, in theory. Expect a massive response as they now use the term “terrorist” to describe these groups, not just hackers and cybercriminals.
The cyberwar rages on, and if you count the dots, we’re not winning.
It will take a quick tactical response to this group and a quick resolution to the situation in Costa Rica to fix it. The money lost and jobs affected will be brutal, but think of those in hospital, those in need of an ambulance, and the lives that could be lost in a cyber incident.
That, my friends, is reason enough for all of us to join this cause. Stay safe, don’t click and good luck to everyone in Costa Rica.
Blake Dowling is CEO of Aegis Business Technologies and author of the book “Professionally Distanced”. He can be reached at [email protected]. You can also check out his review of the past 25and years of all things, technology, etc. in his latest podcast.