Ransomware Hit Garage Used by Canadian Internet Registration Authority | Tripwire

Ransomware Hit Garage Used by Canadian Internet Registration Authority

Posted on March 28, 2019
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
A parking garage used by employees of the Canadian Internet Registration Authority (CIRA) suffered a ransomware infection. At the end of their morning commute on 27 March, employees of CIRA arrived at a parking garage maintained by Precise Parklink. The garage typically uses Precise Parklink's "Automated Parking Revenue Control System" to verify visitors by scanning their parking passes. But not this morning. The garage's barriers were already up, thereby allowing anyone to drive through and get a parking space for free. https://twitter.com/DaveManouchehri/status/1110951530876882950 A technical glitch wasn't responsible for this unexpected gift of free parking. As reported by Bleeping Computer, Precise Parklink's systems at this particular garage suffered an infection of Dharma, a family of ransomware which is known to infect computers that have Remote Desktop Services exposed on the internet. The threat specifically looks for machines running RDP and then tries to brute force its way in. At this time, it's unclear whether the ransomware targeted the garage's computers or simply discovered them during its web scans. Bleeping Computer learned that the attack took place on Tuesday but carried over into Wednesday morning as employees of CIRA, the organization responsible for maintaining Canada's .CA country code top-level domain, arrived for work. Technicians were still working to restore the affected computers' functionality later that evening. One photograph shared by security analyst David Manouchehri captured the process of technicians reinstalling an affected system.
Screen-Shot-2019-03-28-at-07.18.19.png
Source: David Manouchehri Spencer Callaghan, communications manager at CIRA, revealed that the attack did not affect the Canadian Internet Registration Authority itself. But he did note how these types of attacks have become so commonplace. As quoted in a blog post:
Hackers are starting to exploit those gaps at companies of all sizes and industries. The problem is no longer exclusive to large corporations or data-rich organizations. The tools hackers use are cheap, easy to find, and simple to use, which makes hacking for fun or profit easier than ever.
Currently, there is no free decryptor available for Dharma. That could explain why other strains are beginning to impersonate this particular threat. In response, organizations should take the time to strengthen the security of their computer systems by revising their patch management strategies, investing in some anti-phishing training, regularly backing up their sensitive data and taking other steps to prevent a ransomware infection.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!