Maryland officials confirmed that the state’s Department of Health is dealing with a devastating ransomware attack in the midst of a surge of COVID-19 cases. The attack began on December 4 and crippled the department's systems. After consulting with vendors and state and federal law enforcement, the Department of Health has decided not to pay the ransom demands. In response to this attack, the state began its incident response plan, which started with notifying multiple Maryland agencies, the FBI, and CISA.
They also brought in outside cybersecurity firms to help with the response and isolated their sites on their network from one another, external parties, the Internet, and other State networks. As a result of this containment approach, some services were rendered unavailable and some remain offline today. This was a deliberate decision by the MDH to isolate the threat. It cannot be said what the motives behind the attack were.
Gary Ogasawara, CTO, Cloudian, weighed in on the attack and what organizations should be doing to prepare for such attacks:
"This attack demonstrates the importance of having measures in place to recover quickly in the event of a ransomware attack, without paying ransom. The best way to ensure such recovery is by keeping an immutable (unchangeable) backup copy of data. Immutability prevents cybercriminals from encrypting or deleting data, enabling victims to quickly restore the uninfected backup and resume operations.
In addition, organizations should encrypt their sensitive data both in flight and at rest (it’s unclear whether the Maryland Department of Health did or did not do so). Encryption prevents hackers from making data public in any intelligible way, regardless of whether the victim chooses to pay the ransom.
By employing data immutability and encryption, organizations can not only minimize the financial costs and operational disruption caused by ransomware but also help break the cycle of ransom payments funding further attacks."