Ransomware pounces on California schools, Las Vegas trounces attack

We’ve got some bad ransomware news, and we’ve got some good, cyberattack-THWARTED! news.

First, the bad: over the holiday break, crooks who are so morally bankrupt that they target the organizations that serve children pounced on schools in the US city of Pittsburg, California.

On Monday, the superintendent of Pittsburg Unified School District, Janet Schulze, put up a message about the ransomware attack on the district’s Facebook page.

She said that any and all affected and potentially affected servers had been taken offline, leaving the district’s school system without email or internet access. Phones were working, though, and the plan was to forge ahead and open school on Tuesday.

Twenty-eight minutes later, Schulze put up an update, saying that the show would indeed go on, but old-school style: sans laptops, sans internet.

We are all set for school tomorrow! We will be teaching and learning like ‘back in the day’🙂…without laptops and internet. Our schools have access to student information and our phones are working. We still are not able to receive email, so please call your child’s school if needed.

As of Monday, the district was working with two external IT firms and attorneys who, Schulze said, are all specialists in this kind of e-misery. She also said that the district had notified law enforcement and that the investigation and repair work were still underway.

The cybersecurity teams that are helping the school system to get back on its feet hadn’t detected any compromise of personal data as of Monday.

Cut off from the internet and email, the district’s secondary schools were given an extension – until Monday 13 January – to enter first-semester grades into the grading system. A slice of good news: the cafeteria wasn’t affected and could therefore be counted on to dish up meals for the hungry students.

Schulze didn’t give any indication as to what ransom the crooks are demanding, nor whether or not the district plans to fork anything over.

Should Pittsburg pay? That’s the burning question for scads of government agencies that are under siege these days. But there’s one thing to keep in mind when mulling the pay/don’t pay question: paying the ransom guarantees nothing.

According to one study, more than 17% of organizations that chose to pay a ransom never regained access to their encrypted data or infected systems.

We wish Pittsburg’s schools the best of luck when it comes to pulling out of the attackers’ clutches without paying them.

So that’s the story with Pittsburg. To counterbalance those woes, here’s a dose of good news: on Tuesday, Las Vegas avoided – by the skin of its teeth – a cyberattack that it says could have been “devastating.”

Were the odds in the city’s favor?

On Tuesday, the city said that it had been hit by what it referred to only as a “cyber compromise” in the early morning. As soon as its IT staff became aware that something was up, they leapt to protect the data systems. It’s an impressive response, particularly considering that the attack came in the wee hours, around 4:30 a.m.

We experienced a cyber compromise at 4:30 a.m. Tuesday. Our IT team is assessing the extent of the compromise. When… twitter.com/i/web/status/1…

—
City of Las Vegas (@CityOfLasVegas) January 08, 2020

The city responded by taking several services offline, including its public website. The site was back up as of Wednesday, when the city confirmed that it had “resumed full operations with all data systems functioning as normal.”

Kudos, IT staff!

Following yesterday’s cyber compromise, we have resumed full operations with all data systems functioning as normal… twitter.com/i/web/status/1…

—
City of Las Vegas (@CityOfLasVegas) January 08, 2020

It doesn’t look like any data was lost, nor had any personal data been compromised, Las Vegas City said. City officials don’t know who was behind the attack, but they’ll keep looking:

We do not believe any data was lost from our systems and no personal data was taken. We are unclear as to who was… twitter.com/i/web/status/1…

—
City of Las Vegas (@CityOfLasVegas) January 08, 2020

Las Vegas City spokesman David Riggleman told the Las Vegas Review-Journal that attacks on several other cities in recent years have made city officials particularly vigilant.

As it is, Riggleman said, the city’s network systems get bombarded with an average of two million emails every month – about 279,000 of which are attempts to breach its systems.

[There are] a lot of people out there […] trying to open that cyber door.

Were the odds in Las Vegas’s favor? Did it just get lucky? Or did its IT staff have some special sauce that repels attackers and helps it win at the ransomware/cyberattack roulette wheel?

We don’t know. But there are certainly some things you can do to…

Protect yourself from ransomware

• Pick strong passwords. And don’t re-use passwords, ever.
• Make regular backups. They could be your last line of defense against a six-figure ransom demand. Be sure to keep them offsite where attackers can’t find them.
• Patch early, patch often. Ransomware like WannaCry and NotPetya relied on unpatched vulnerabilities to spread around the globe.
• Lock down RDP. Criminal gangs exploit weak RDP credentials to launch targeted ransomware attacks. Turn off Remote Desktop Protocol (RDP) if you don’t need it, and use rate limiting, two-factor authentication (2FA) or a virtual private network (VPN) if you do.
• Use anti-ransomware protection. Sophos Intercept X and XG Firewall are designed to work hand in hand to combat ransomware and its effects. Individuals can protect themselves with Sophos Home.

For information about how targeted ransomware attacks work and how to defeat them, check out the SophosLabs 2019 Threat Report.

For more advice, please check out our END OF RANSOMWARE page.