Caught out: U.S. Court in ransomware attack

Posted Sep 13, 2020 by Tim Sandle
A U.S. criminal court has been hit by ransomware, striking at the heart of the administrative infrastructure. This led to the Fourth District Court of Louisiana’s website being breached and documents being published online.
Ransomware is a malware that threatens to publish the victim's data or block access to it unless a ransom is paid.
According to CBR, this 'successful' (from the point of view of the hackers) ransomware attack directly on a U.S. court is thought to be the first of its kind, in terms of documents and court data being exfiltrated and published. After stealing the Louisiana court documents, which reportedly related to witnesses, jurors, and defendant pleas, the hackers posted proof of the attack on their Dark Web page.
The agent for the attack was Conti, a relatively new ransomware strain. Reports from Bleeping Computer claim that Conti "is being operated by the same group that conducted Ryuk ransomware attacks in the past".
Sanjay Jagad, senior director of products and solutions at Cloudian, tells Digital Journal that ransomware is posing a very real and increasing threat: “The ransomware attack on the US Criminal Court highlights ransomware’s extraordinary power to interrupt operations, expose critical data and ruin reputations.”
He adds that there are particular institutions that are a greater risk than others: "While ransomware threatens organizations of all types, government agencies are increasingly vulnerable, due to outdated technologies and inadequate defenses resulting from tight budgets."
This means new and more imaginative counter strategies are required, as Jagad says: "With ransomware attacks costing government agencies over $7.5 billion in 2019, it’s clear stronger defense measures are needed."
One answer is to implement Object Lock technology, an Amazon Web Services S3 feature. According to ZDNet it "blocks object version deletion during a customer-defined retention period so customers can enforce retention policies as an added layer of data protection or for regulatory compliance."
Jagad recommends using Object Lock technology, which "at the data storage layer makes backup data unchangeable, meaning it cannot be encrypted by hackers. As a result, organizations can quickly and easily recover an uninfected copy of their data in the event of an attack and avoid having to pay a ransom."
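How strong that protection is depends on how the retention period is configured. The following is an added example, not code from the article, Cloudian or AWS: it audits a bucket's Object Lock settings, given in the shape of the S3 GetObjectLockConfiguration response. The function names, the sample configurations and the 30-day minimum are assumptions made for illustration.

```python
# Added example: audit S3 Object Lock settings on a backup bucket.
# Input follows the shape of the S3 GetObjectLockConfiguration response.
# Sample configs and the 30-day threshold are constructed assumptions.

MIN_RETENTION_DAYS = 30  # assumed policy minimum, not from the article


def retention_days(default_retention):
    """Convert a DefaultRetention block (Days or Years) to days."""
    if "Days" in default_retention:
        return default_retention["Days"]
    return default_retention.get("Years", 0) * 365


def audit_object_lock(response):
    """Return a list of findings; an empty list means the bucket passes."""
    lock = response.get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        return ["Object Lock not enabled: object versions can be deleted"]
    default = lock.get("Rule", {}).get("DefaultRetention")
    if not default:
        return ["no default retention: uploads are locked only if each "
                "one sets its own retain-until date"]
    findings = []
    mode = default.get("Mode")
    if mode == "GOVERNANCE":
        findings.append("GOVERNANCE mode: a principal holding "
                        "s3:BypassGovernanceRetention can lift the lock")
    elif mode != "COMPLIANCE":
        findings.append(f"unrecognised retention mode: {mode!r}")
    days = retention_days(default)
    if days < MIN_RETENTION_DAYS:
        findings.append(f"retention of {days} days is below the "
                        f"{MIN_RETENTION_DAYS}-day minimum")
    return findings


# Constructed sample: lock enabled, but bypassable and short-lived.
WEAK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", "Rule": {
    "DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}
# Constructed sample: no identity can shorten or remove the retention.
HARDENED = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled", "Rule": {
    "DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_object_lock(cfg) or "OK")
```

In practice the input would be the dictionary returned by a call such as boto3's `get_object_lock_configuration` for the backup bucket.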