Multiple U.S. Cities Dealing With Ransomware
Over the past couple of weeks several U.S. cities including Augusta, Maine; Imperial County, Calif.; Stuart, Fla.; and Greenville, N.C. were hit with ransomware attacks. What baffles my mind is that all cities were put on notice when Atlanta was “locked” last year and those of us that do this for a living understand that there are some very simple steps anyone can take to protect themselves against ransomware. Of course, the typical response is not me, no one wants to attack me, and the answer is always, it’s not personal it’s business, in this case a criminal enterprise. Ransomware is still mostly designed to make money for the bad guys, but it will continue to evolve as a way the bad guy can get you focused on one thing while they steal something else.
As I read these articles there seems to be an assumption that the bad guys are international and cannot be reached, but I wonder how many investigations are being done to determine where the malware is coming from? If I were a criminal, especially if I was in the U.S., I would get into the ransomware business only because it seems no one is looking for me. I can do all my crimes from the comfort of the actual U.S. city I live in just by appearing to come from a foreign IP address. With ransomware the focus of the reporting is on the recovery, not necessarily the perpetrator. Law enforcement presence seems to be missing, I know the FBI says don’t pay the ransom, which I agree, but there does not appear to be many arrests being made.
Until the investigators get better at identification and attribution and there are real consequences criminals will continue to wreak havoc with all sorts of vulnerable systems.