By Ryan Klund - Business Development Associate
More than a week after a ransomware virus infected the City of Racine, and still life has not returned to normal.
On January 31st, Racine’s city website, online payment system, voicemail and email systems were taken down by cyber attackers and still haven’t been restored. “It just a thing that takes time,” said Racine city spokesperson Shannon Powell to The Journal Times.
According to reports, emergency services – like police and fire – weren’t affected by the attack but Racine has been forced to turn back the clock asking its residents to pay permits and fines in person at city hall. “It’s definitely an inconvenience for staff and people that rely on that technology,” Racine Mayor Cory Mason told the Milwaukee Journal Sentinel. “We’re not likely to be back up digitally this week.”
Racine wasn’t the only ransomware incident in Wisconsin this past week. The City of Oshkosh - a little more than 100 miles away – was infected by Russian hackers the day before Racine fell victim.
Reports are pointing towards the two ransomware attacks being unrelated, however Oshkosh has also been forced to do business without the use of computers or electronic files this week. “This week in particular, property taxes are due and so we’re manually doing a lot of things that we normally rely on the computer to do,” said City Manager Mark Rohloff to WTAQ.
Both attacks caused by malicious links
Sophisticated ransomware attacks have been a scourge on US municipalities and small businesses for several years. To name just a few, in 2019 22 Texas towns were attacked in a coordinated ransomware attack and right here in Wisconsin, Digital Dental Record – a medical records company – was compromised affecting hundreds of dental offices around the country.
There are numerous ways cybercriminals can infect a system, however the most common is through emails containing malicious links.
It appears in both the Racine and Oshkosh ransomware attack, malicious links were clicked by city employees and allowed attackers into the city’s public networks. “We’re still doing our analysis but that’s likely how it occurred,” Mason told The Milwaukee Journal Sentinel.
Three ways the attacks could have been prevented
City governments and small businesses have been an easy target for cyber criminals, as these types of organizations are likely to have poor cyber defenses in place and less resources to remediate without paying a ransom amount. However, both Racine and Oshkosh could have prevented attacks in the following ways.
Advanced Email Filtering technology. In the IT world these tools are called SPF, DKIM, and DMARC – We’ve written about these tools in past blogs. In basic terms, these tools authenticate emails and keep them from doing damage to organizations by blocking them before they hit an employee’s mailbox.
- Advanced Threat Protection (ATP). Another layer on top of email filtering tools, ATP offers the ability to detect malicious information by monitoring links in emails and sends a warning when a contained link could be malicious.
- Cybersecurity Training. Malicious emails can be detected by a trained employee who knows what they’re looking for. Email phishing tests can pinpoint which employees are susceptible to an attack and need training on what to look for.
SWICKtech is on the front lines everyday remediating ransomware attacks and protecting companies before they’re compromised.
If you want to know where you might have gaps in your security, feel free to contact us for a free gap analysis of your organization.