John Pientka

Cyber Criminals Caught! Ah No, More Like Just Identified. Sigh!

It’s that time when we look back on the past year. In 2018, Atlanta was a victim of a cyber attack. It fought back rather than pay ransom and spent millions. The FBI has identified the malevolent actors but they are outside our reach. What lessons do we take from it?

A quick recap: In March the City of Atlanta noticed that many of its IT systems were malfunctioning. On March 22, it admitted that the city was under siege in a ransomware attack. I wrote about it in early April. The cyber criminals demanded $51,000 in Bitcoin to release the affected systems.

Ironically, the website to which the ransom was to be sent was inadvertently published and was soon flooded with traffic from all sorts of users and the public. The criminals panicked and shut the site down. So city officials were effectively trapped into fighting the attack whether they wanted to or not. (Of course, the City Administration has said it was always going to fight and not pay – yeah right!).

An army of consultants descended on the city and slowly things got better although some records were permanently lost. As Wikipedia reports: “Though the city declared that there was little to no evidence that personal data had been compromised, later studies show that the breach was worse than originally estimated. In June 2018, it was estimated that a third of the software programs used by the city remained offline or partially disabled. In addition, many legal documents and police dashcam video files were permanently deleted, though the police department was able to restore access to all its investigation files. For a while, residents were forced to pay their bills and forms by paper.”

The defense proved costly. At first the city stated that it had paid $2.7 Million to correct the problem. By August, news reports were documenting total expenditures of $17 Million – ouch! And what about the perpetrators? In late November a federal grand jury charged two Iranian men with a computer hacking and extortion cyberattack that targeted the City of Atlanta and other metro Atlanta governmental departments.

The indictment charged 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri, both acting from inside Iran, with creating a malware known as “SamSam Ransomware” that was able to do the act of “forcibly encrypting data on the computers of victims.” The two men would access the computers of victims through vulnerabilities in security, install their program and then demand a ransom to decrypt the data.

FBI investigators say that Atlanta was just one of the cities targeted by the two men. In all, officials estimate more than 200 victims, including Newark, New Jersey, the Port of San Diego, and multiple medical centers, were targeted. Apparently, they collected about $6 Million overall.

What have we learned? Was it worth it? Should the city just have paid the ransom? Payoff seldom results in a good outcome. A recent survey by SentinelOne shows that almost half the victims, 45%, paid the hackers off but of those only 26% got their files unlocked. And, of those that paid the ransom, 73% got hacked and locked out again – not good.

Will the perpetrators ever see justice? Realistically, probably not – we do not have the warmest of relations with Iran, and Savandi and Mansouri are believed to still be in Iran. It’s unlikely they will face justice in a U.S. court unless they travel to a country that permits extradition – anybody willing to give odds on that happening?

Is this the new normal? Yep! In fact it will probably get worse. A number of studies point to an increasing number of cyber criminals shifting their attention to ransomware. The targets will be bigger and more critical along with the ransom demands because it is easy money. Ransomware works because it depends on users’ negligent security practices. Given that a large percentage of Internet users do not follow best practices – ipso facto!

What do you do? Things look pretty grim but you can clean up your IT security hygiene: implement patches, train to avoid phishing attacks, close open ports, etc. Get serious about cyber. If you are an enterprise or institution consider the new (and better) approach to security called Zero Trust. Here’s to a safe and secure New Year.

By John Pientka

John Pientka, Contributor
Principal of Pientka and Associates
John is currently the principal of Pientka and Associates, which specializes in IT and Cloud Computing. Over the years John has been vice president at CGI Federal, where he led their cloud computing division. He founded and served as CEO of GigEpath, which provided communication solutions to major corporations. He has also served as president of British Telecom’s outsourcing arm Syncordia, and as vice president and general manager of a division at Motorola. John earned his M.B.A. from Harvard University as well as a bachelor’s degree from the State University in Buffalo, New York.