According to the Washington Post, 70 percent of storage devices associated with closed-circuit TVs in Washington DC were infected with ransomware eight days before the inauguration of US President Donald Trump.
One hundred twenty-three of 187 network recorders, each controlling up to four CCTVs, were forced offline by a ransomware infection. The city alleges the system was not connected to anything other than these recording systems.
As a result of the infection, cameras that look over public spaces around the Washington DC area were down between 12 and 15 January 2017. The city had to wipe the devices and IT systems to get rid of the infection; it did not pay any of the ransom demands. The problem was noticed by local police, who said there were four devices not recording.
It remains unclear if anything of value was lost, if the encrypted data was decrypted for free, or if the ransomware crippled the affected network devices.
Interim police chief Peter Newsham said that police worked with OCTO and that the incident was limited to about 48 hours. He said there was “no significant impact” overall.
The most common security advice to combat ransomware is: keep regular backups, and ensure those backups are usable; keep the OS and antivirus patched; and never pay the ransom, as it encourages criminals to keep trying to infect people with their malware.
Should none of these work, the folks at non-profit initiative No More Ransomware are regularly releasing decryption keys for ransomware strains which they have reverse engineered and broken into.
The initiative itself is an amalgamation of a number of private security companies, law enforcement agencies and governments who decided that ransomware is at the top of their hit list for 2017. This should come as no surprise, given that analysts are predicting ransomware will soon become a billion-dollar business for criminals.
Andy Norton, risk officer, EMEA at SentinelOne, said: “This is an example of ransomware impacting critical infrastructure, it brings the problem to a new level, when things you take for granted suddenly are not there especially when public safety is at risk. We had a hotel in Austria infected over the weekend, where the attacker locked the rooms. The guests couldn't get in or out until a ransom was paid.”