Mass Transit - 16

Transit Cybersecurity
This can significantly increase
the overall costs and risks for public
agencies that become the victims of
a cyber attack. In order to reduce
these risks, they have to get more
proactive about cybersecurity.

How Ransomware
is Changing

Ransomware attacks used to be
relatively straightforward. In a
traditional attack, the hacker
would breach one or two computers on an agency's network, infect
them with a type of malware that
encrypts document files, databases and spreadsheets in order to
render them inaccessible to the
victim and then demand a relatively small ransom on the order
of a few thousand dollars in order
to remove the encryption from
the network. Although victims'
sensitive data was technically
compromised by the malware,
the hackers didn't actually steal
or view this data - they simply
locked it up behind a robust encryption algorithm to force the
organization to pay.
These attacks were bad enough
and cost many organizations a lot
of money, but they were far less
complex than the new attacks
happening today. The new ransomware that is now in wide use
- including Maze, NetWalker, REVil, DoppelPaymer and Ryuk - is
a multi-stage weapon capable of
causing significant damage. Not
only do the victims have to contend with their data and systems
being encrypted, but they must
also now deal with information
theft and the possibility that this
sensitive data will be publicly exposed on the web for other criminals to steal and use in various
frauds. Additionally, as an initial
step in compromising the network, these attackers usually plant
malware that acts as a " backdoor. "
These backdoors allow them to
carry out surveillance on the network ahead of the attack, but they
also provide long-term access to
the organization post-attack. This

16 |

Randy Pargman

A SCREENSHOT
showing Trinity
Metro files posted
by NetWalker,
which targeted
the agency with a
" double extortion "
attack.

means that even after a ransomware attack is " cleaned up " by an
IT security team, these backdoors
could persist inside the system.
The bottom line is that ransomware is no longer just ransomware - it can carry out multistage attacks and data theft that
can be crippling to its victims.

The bottom line

What Happens in
a Double Extortion
Ransomware Attack?

is that ransomware
is no longer just
ransomware - it can
carry out multistage attacks and
data theft that
can be crippling
to its victims.

-RANDY PARGMAN,
Binary Defense

Mass Transit | MassTransitmag.com | NOVEMBER 2020

This attack begins like any normal ransomware attack, usually
with a phishing email to an employee or by exploiting a weak
employee password for a remote
desktop portal that is exposed to
the Internet.
The hacker will trick the employee into clicking on a link
or downloading a malicious attachment (often Word or Excel),
at which point the ransomware
infects that person's computer
and then immediately connects
to the attacker's command and
control server. The intruder then
takes over manual control and
runs commands to map out the
agency's servers and other workstations, looking for ways to spread
across the network. Unlike traditional ransomware campaigns,
which usually rely on a " sprayand-pray " approach, the double

extortion groups often seek out
specific victims that are able to
afford high ransoms and will be
motivated to get systems running
again quickly - such as large corporations and public agencies.
The second stage of the attack
is where double extortion incidents really break away from the
traditional ransomware " business
model. " In a standard ransomware
attack, the malware will automatically seek out important files on
the system where it landed, encrypt
everything it can find and then
demand a payment to remove the
encryption. In a data leak extortion
attack, however, the ransomware
goes one step further by stealing
the information before it encrypts
it. This puts the victim in a considerable bind, because even if they
use backups to recover from the
encryption part of the attack, they
still have no control over what the
hacker does with the stolen data.
These new ransomware attacks also lead to significantly
higher extortion fees. Although
not all the attacks have been made
public, ransom demands in September and October 2020 were often more than $10 million. In one
recently disclosed attack, the REvil ransomware group demanded
a whopping $42-million ransom
from a New York law firm.


http://www.MassTransitmag.com

Mass Transit

Table of Contents for the Digital Edition of Mass Transit

Ad Index
Editor's Notebook: What's Next? Better Mobility
People & Places
New Ransomware Attacks Pose Costly Threat to Transit Agencies
2020 Transit Safety and Security Report
Planning the Right Zero-Emission Fleet Conversion from the Beginning
AVs Pave the Way to Future Mobility
A New Age for Streetcars
Products: In Focus - Shelters, Stops & Stations
Best Practices: Creating a Safer, More Secure Ride on Metro Transit in the St. Louis Region
Mass Transit - 1
Mass Transit - 2
Mass Transit - 3
Mass Transit - 4
Mass Transit - 5
Mass Transit - Ad Index
Mass Transit - 7
Mass Transit - Editor's Notebook: What's Next? Better Mobility
Mass Transit - 9
Mass Transit - People & Places
Mass Transit - 11
Mass Transit - 12
Mass Transit - 13
Mass Transit - New Ransomware Attacks Pose Costly Threat to Transit Agencies
Mass Transit - 15
Mass Transit - 16
Mass Transit - 17
Mass Transit - 18
Mass Transit - 19
Mass Transit - 2020 Transit Safety and Security Report
Mass Transit - 21
Mass Transit - 22
Mass Transit - 23
Mass Transit - Planning the Right Zero-Emission Fleet Conversion from the Beginning
Mass Transit - 25
Mass Transit - 26
Mass Transit - 27
Mass Transit - AVs Pave the Way to Future Mobility
Mass Transit - 29
Mass Transit - 30
Mass Transit - 31
Mass Transit - A New Age for Streetcars
Mass Transit - 33
Mass Transit - 34
Mass Transit - 35
Mass Transit - 36
Mass Transit - 37
Mass Transit - Products: In Focus - Shelters, Stops & Stations
Mass Transit - 39
Mass Transit - 40
Mass Transit - 41
Mass Transit - Best Practices: Creating a Safer, More Secure Ride on Metro Transit in the St. Louis Region
Mass Transit - 43
Mass Transit - 44
https://www.nxtbook.com/endeavor/masstransit/november-2022
https://www.nxtbook.com/endeavor/masstransit/september-october-2022
https://www.nxtbook.com/endeavor/masstransit/july-august-2022
https://www.nxtbook.com/endeavor/masstransit/june_2022
https://www.nxtbook.com/endeavor/masstransit/april-may_2022
https://www.nxtbook.com/endeavor/masstransit/march_2022
https://www.nxtbook.com/endeavor/masstransit/february_2022
https://www.nxtbook.com/endeavor/masstransit/at-the-show-2021
https://www.nxtbook.com/endeavor/masstransit/december-2021-january-2022
https://www.nxtbook.com/endeavor/masstransit/november-2021
https://www.nxtbook.com/endeavor/masstransit/september-october_2021
https://www.nxtbook.com/endeavor/masstransit/july-august_2021
https://www.nxtbook.com/endeavor/masstransit/mass_transit_june_2021
https://www.nxtbook.com/endeavor/masstransit/aprilmay2021
https://www.nxtbook.com/endeavor/masstransit/december2020january2021
https://www.nxtbook.com/endeavor/masstransit/november2020
https://www.nxtbook.com/endeavor/masstransit/septemberoctober2020
https://www.nxtbook.com/endeavor/masstransit/julyaugust2020
https://www.nxtbook.com/endeavor/masstransit/june2020
https://www.nxtbook.com/endeavor/masstransit/aprilmay2020
https://www.nxtbook.com/endeavor/masstransit/Mass_Transit_March_2020
https://www.nxtbook.com/endeavor/masstransit/february2020
https://www.nxtbook.com/endeavor/masstransit/december2019january2020
https://www.nxtbook.com/endeavor/masstransit/november2019
https://www.nxtbook.com/endeavor/masstransit/Mass_Transit_September_2019
https://www.nxtbook.com/endeavor/masstransit/julyaugust2019
https://www.nxtbook.com/endeavor/masstransit/2019railproductguide
https://www.nxtbook.com/endeavor/masstransit/june2019
https://www.nxtbook.com/endeavor/masstransit/2019busandparatransitproductguide
https://www.nxtbook.com/endeavor/masstransit/aprilmay2019
https://www.nxtbook.com/endeavor/masstransit/march2019
https://www.nxtbook.com/endeavor/masstransit/february2019
https://www.nxtbookmedia.com