Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Utah County Struck by Ransomware

Garfield County, Utah, was recently affected by ransomware. Local government is an increasingly attractive target for criminals because of its high dependence on information technology, and generally poor security. Elected officials are under constant pressure to spend available funds on something visible and appealing to the electorate rather than unseen technology.

Garfield County, Utah, was recently affected by ransomware. Local government is an increasingly attractive target for criminals because of its high dependence on information technology, and generally poor security. Elected officials are under constant pressure to spend available funds on something visible and appealing to the electorate rather than unseen technology.

Little is known about the Garfield attack. In brief, it appears that an employee clicked a phishing link that gave the criminals access. Having gained access, the ransomware apparently encrypted enough systems to require County officials to switch to paper administration; although it is reported that the courts, elections and sheriff’s office were not affected.

The type of ransomware and any suspected culprits has not been made public. It can be assumed that the attackers either compromised back-ups systems, or the back-ups were simply inadequate — the county attorney said that a ransom in Bitcoin was paid in order to retrieve files.

Some ransomware attacks are blended with data theft attacks. It is difficult to know what happened to Garfield. The county attorney commented, “All of our data had been taken,” and, “We’ve learned that even in Panguitch, people could steal your data.” However, since there is no obvious personal information data breach disclosure coming from Garfield County, it is possible ‘stealing data’ refers only to reversible encryption.

The ransom was paid, and the systems restored in March. There is no current indication on the value of the ransom. However, also in March 2019, Jackson County, Georgia, paid a ransom of $400,000 for decryption keys following an attack involving what is thought to be the Ryuk ransomware.

Cities and counties are under enormous pressure to simply pay any ransom following the example of the SamSam attack on the City of Atlanta in March 2018. Although the city refused to pay the ransom of around $51,000, it was reported that another $9.5 million budget would be required for recovery costs.

Although official advice is to never pay a ransom, the cost and disruption experienced by Atlanta can make that a difficult call.

Advertisement. Scroll to continue reading.

Two Iranian citizens were indicted by the U.S Department of Justice in November 2018 for their alleged role in developing and deploying SamSam.

Other recent ransomware attacks on local government include the city of West Haven in October 2018 ($2,000 ransom paid); Madison County, Indiana (where the ransom was probably paid, but the amount not disclosed).

Related: Europol Declares War on Ransomware 

Related: GandCrab 1,4 and 5 Decryptor Available 

Related: SamSam and GandCrab Illustrate Evolution of Ransomware 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.

Cybercrime

The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...