Hall County, Ga. confirmed it experienced a network outage as a result of a ransomware attack. The cyberattack impacted critical systems within the Hall County Government networks, including phone services. While some applications were disabled as the County works to resolve this incident, business continuity measures have been implemented.
Emergency services were not and will not be disrupted, Hall County explained, and at this time, there is no evidence to show that citizen or employee data has been compromised, but encouraged citizens and employees to take precautionary measures to monitor and protect their personal information.
CNN reported that this may be the first ransomware attack to hit election infrastructure this political season.
Brandon Hoffman, Chief Information Security Officer at Netenrich, says that a successful attack against voting infrastructure, whether the target or collateral damage, was inevitable. "The ransomware spree has gone essentially unchecked and it's stands to reason that type of malware would be the one to hit. On the other hand, with ransomware, election infrastructure probably wasn't the main target. However, the fact that this was successful validates the attack path. Attack path validation is a key step in any attack sequence and testing it on a small scale scenarios always makes sense. If security professionals working with voting technology were not already extra vigilant, there's no time to waste in getting over prepared.”
Daniel Norman, Senior Solutions Analyst at the Information Security Forum, explains, “The threat of ransomware has flourished worldwide at an unimaginable rate and scale, especially during the COVID-19 pandemic. A reason for this is due to its accessibility and ease to spread. While thousands of organizations, and millions of individuals, have been hit by ransomware over the last few years, measuring the overall financial and reputational impact is difficult to calculate and is entirely relative."
Recently, IBM reported ransomware incidents appeared to explode in June 2020, with ransom demands are increasing exponentially, and in some cases, attackers asking for more than $40 million. Digital Shadows, as well, observed new variants of ransomware, as well as data leak sites (which host and/or advertise stolen information), are popping up every week, including some operated by the notorious Conti ransomware operators - the same attackers who are suspected to be responsible for Ryuk malware.
Norman adds, "Moving forward, end users should receive ample security awareness, education and training on the threat of ransomware, particularly its delivery mechanism. Typically, the success of ransomware is reliant on whether or not the target organization has patched its devices properly. Therefore, having all systems patched and up-to-date is a minimal for security.”
Isabelle Dumont, Vice President of Market Engagement at Cowbell Cyber, notes, “While the U.S. government is tightening its control over ransom payments with recent OFAC advisories, small organizations should consider the long list of damages inflicted by a ransom attack, starting with business interruption, and seek financial protection through cyber insurance.”