Malware and viruses have evolved over the past several years, and today threats from the internet come in a variety of forms. One of the most popular types of malicious software among hackers today is ransomware. Recently, government workers in a borough of Alaska turned to typewriters to do their jobs after ransomware infected their computer systems.

A spokeswoman for Matanuska-Susitna said the malware had encrypted its email server, internal systems and disaster recovery servers as well. The borough is in the process of rebuilding all of its systems. According to technology news site Bleeping Computer, the ransomware attack spread on 24 July. However, the borough thinks it may have been dormant in systems since May.

Previously, viruses and malware would come in the form of worms or rootkits. Typically, hackers would infect a computer system or network with the intent of sending the user ads, sometimes through pop-ups and sometimes by hijacking the victim's browser and sending it to random web pages filled with advertisements.

A New Age of Malware

Since cryptocurrencies have become more popular, they can now be used to extort money from victims directly in exchange for getting their important system files back. A ransomware virus works by infecting a computer on a network and running a cryptographic process which locks all files on the victim's computer with a public and private key. The hacker retains the private key, while the victim maintains a public key. Normally a few files will remain unencrypted. Typically these files are instructions for where the victim can go to purchase a cryptocurrency, and where to send that cryptocurrency in order to get the private key from the hacker, which will unlock the files.

As well as infecting the borough’s desktop computer and email server, the ransomware had also attacked its telephone system and door entry card system, according to Director of IT Eric Wyatt.

What makes this particular attack even more dangerous is that it spreads quickly across a network of computers or devices, so if one workstation is infected, it’s likely the virus has spread to almost every other unsecured device that computer is connected to. Ransomware viruses are also difficult for average anti-virus programs to spot, and often require more robust anti-virus software to detect and prevent. Even in the event that ransomware is stopped by anti-virus software, it is always recommended that you keep a backup of your files in a secure location to restore from in case your files are encrypted.

Finding The Right Protection

Even though the Alaska borough had a backup data set, the ransomware was still able to infect some of the data, although “some portion” had been saved, according to officials. This further shows that a secure backup is necessary, and that it often needs to be kept off-site.

“Though it initially appeared that our data was a complete loss, we have recently recovered data from the shared drives,” said Mr. Wyatt. However, “Email does appear to be completely unrecoverable,” according to officials. Some portions of the ransomware attack had been detected on 17 July, although other elements of the malware had been missed, which allowed it to spread.

Many organizations, and even state and local governments, may rely on their own IT coordinators and internal IT advisors to handle these types of threats, but this is not always the most effective method of preventing cyber attacks. Many managed IT service providers are trained and equipped to handle ransomware threats. These providers often have a secure backup in place, and can quickly clean up, if not outright prevent, these types of threats from affecting your systems. Had the Alaska borough worked with a managed IT services provider, they likely would have been able to save much more data, and saved themselves the high costs related to rebuilding and restoring the data they’ve lost.

Following this report, “Encrypted data will be stored for months or years in hopes that the FBI will recover the decryption keys.”