Saturday, November 16, 2024
HomeRansomwareRansomware Attack on the Cleveland Hopkins International Airport in U.S - Lessons...

Ransomware Attack on the Cleveland Hopkins International Airport in U.S – Lessons learned

Published on

Cleveland Hopkins International Airport In U.S fell victim to a cyber attack on April 29th and officials have confirmed its a ransomware that had affected their systems for a while.

There wasn’t any flight delays and security check hindrances but 95% of the systems went offline.

On April 21, the malware was discovered on the airport’s computer servers. The systems that handle flight and baggage displays and email were affected. 

- Advertisement - SIEM as a Service

Right after the attack, ransomware has requested the officials to reply with a mail but instead, Donald Phillips, Chief Information Officer of Cleveland and his team went ahead and fixed it all by themselves.

Ransomware threats could chaos to organizations, and Cleveland must be lucky because Albany, New York, and Flordia all suffered the ransomware and have paid a lot of money to get out of this.

“We were giving you what we knew at the time,” he said.

“Phillips acknowledged that he considers the malware involved to be a form of ransomware. He said the city was asked by the malware to respond to an email address for more information about the hack but the city did not respond.”

According to crainscleveland , the malware impacted computers linked to the Hopkins email, payroll, and digital records systems.

It doesn’t sound like Cleveland will take anywhere near that kind of financial hit. Other municipalities need to learn from these events and be proactive.

Why is Ransomware scarier now

Ransomware has always been a threat for cybersecurity professionals, with new variants and types developed every day this has become a never-ending routine for IT, administrators, to prevent them from causing havoc to their business.

With more data protection laws coming into force, organizations need to make sure they keep ransomware out of their network else they need to face huge consequences, the penalities and brand degradation in the market. Facebook is one such organization who did fail to keep their users personal data secured, and now being sued by different countries for their non-compliance over data protection.

Ransomware campaigns will continue to grow in numbers, but not all campaigns would be effective enough to last long. In Jan 2017, there were 635 campaigns, in Feb 2018 it was 1105, and in Jan 2019 it was 1453

Future ransomware attacks can rely on RDP for takedowns, the recent takedown of xDedic marketplace exploited RDP service. Apart from that the SamSam, BitPaymer and CrySiS all used RDP and were developed in such a way that they can use any other service that is available for them to switch between computers

GandCrab ransomware has already came in number of different versions and is expected to grow further, thanks to its versatile nature.

Ransomware will be deployed after blending it with other campaigns for effective penetration. Methods like cryptojacking can be used for successful deployment of the ransomware. Heremes and Ryuk ransomware are one such example.

Ransomware visit to Norsk Hydro and Arizona Beverages

Norsk Hydro also became victim to a ransomware attack this year and have lost $40 million because of it. NotPetya the ransomware that took Maersk out for a couple of days has been the convict here in case of Norsk Hydro as well.

Though cyber insurance companies have claimed to bear the cyber damages, it’s highly unlikely to happen as Norsk Hydro was hit be pretty old ransomware that was out in wild in July 2017.

Arizona Beverages became victim to iEncrypt ransomware, leaving the company to halt its operations meanwhile. Close to 200 servers were affected, and the staffs were not able to process the orders over systems hence they went ahead to do it manually.

Lessons learned to defend against ransomware threats

Like Wiseman once said ‘Prevention is better than Cure’. An organization needs to go proactive to build its defenses against ransomware.

  • Keep your operating systems and applications up-to-date
  • Remove unwanted/unrecognized software from your network
  • Blacklist and whitelist applications for secured operations
  • Security configurations for browsers and firewalls
  • Monitor and secure the browser extensions and plugins
  • Honeypot systems can be employed for additional security
  • Segment IT infrastructure based on the critical and non-critical devices
  • Manage remote devices and their applications
  • Block the ports if in case the ransomware exploits one

Businesses need to educate their employees about cyber best practices, like how and why they should avoid opening attachments from an unknown sender. Cybersecurity awareness across the organization can give an upper hand to the organization. Apart from that its good to keep a patch management system and data security management procedures in place to avoid ransomware threats.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Also Read:

Ransomware Attack Hits Bristol Airport, Flight Display Screens Went Offline

Powerful Ransomware Attack Hit on Port of San Diego

Hackers Selling Airport Security System Credentials on Dark Web for $10

Indian Hackers Group Hacked & Encrypt Pakistan Website Files Using KCW Ransomware

Latest articles

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious...

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce...

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to...

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in...

Rise Of Ransomware-As-A-Service Leads To Decline Of Custom Tools

Ransomware-as-a-Service (RaaS) platforms have revolutionized the ransomware market.Unlike traditional standalone ransomware sales, RaaS...

A Massive Hacking Toolkit From “You Dun” Threat Group Developed To Lauch Massive Cyber Attack

The "You Dun" hacking group exploited vulnerable Zhiyuan OA software using SQL injection, leveraging...