Phoenix Technology Group: Blog
Dawn of the New Age of Conflict: Lessons from Colorado’s recent cyberattacks
The upward trend continues for cybersecurity incidents. Colorado alone has faced many incidents over the last two years that should prompt all individuals in the private and public sectors to take notice and make a plan to mitigate any downtime an incident could cause for internal employees as well as public services.
The BlackCat ransomware attacks that hit Fremont and Wheat Ridge recently demonstrate why you should care enough to be prepared.
August 2021: BlackCat ransomware hits Fremont County
- Ransom: 2.5 million (unpaid)
- Downtime: 1 month (official), though because the systems had to be rebuilt, many of Fremont’s services were down for many more months.
- Implications: Public services were down for several months, disrupting local residents and their industries. The attack exposed some personal information of county employees and residents. Because its systems had to be rebuilt, the county will likely find that some portion of its old data is permanently unrecoverable.
- Fremont’s Lessons Learned: https://fremontcountyco.state.co.us/cyber-safety-tips
  - Choose Strong Passwords
  - Practice Caution with USB Drives
  - Back Up Your Files
  - Install Antivirus/AntiMalware Software
  - Beware of Phishing
  - Avoid Social Engineering
  - Use Spam Filters
  - Check Social Media Settings
  - Be Wary of Phone Calls & Text Messages
September 2022: BlackCat ransomware strikes Wheat Ridge
- Ransom: $5 million
- Implications: Wheat Ridge indicates that they now understand these issues are less about “if” and more about “when.” They also have learned that “recovery takes longer than you think.”
- Wheat Ridge’s Lessons Learned: https://coloradoccma.org/wp-content/uploads/Wheat-Ridge-vs-Black-Cat.pdf
  - Start Using a Password Manager
  - Join the Multi-State Information Sharing and Analysis Center (MS-ISAC): https://www.cisecurity.org/ms-isac
  - Sign up with the Cybersecurity & Infrastructure Security Agency (CISA): https://www.cisa.gov/
  - Leverage SANS.org: https://www.sans.org
  - Turn on MFA
  - KnowBe4 Training
  - Find Local Cybersecurity Groups
October 2022: Killnet hackers take down Colorado.gov
The most recent major cyberattack hit Colorado when a foreign group known as Killnet claimed responsibility for taking down Colorado.gov, the homepage for the state’s online services. The attack was part of a multi-state campaign by the Russian-speaking hackers, who said they were retaliating against NATO countries for their support of Ukraine amid Russia’s invasion. The attack only affected the main directory page, while other state services were still available through their individual websites. The state’s IT department restored the homepage within two days and said no data was compromised.
Unsure where to start?
Wheat Ridge Recommends Asking Your IT Leadership These Questions
- What is our backup strategy?
- Are our systems currently supported?
- Does our team have the right skills to support our environment?
- Have we tested our network? If so, when and what did we learn?
- What are our Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?
- What is keeping us from implementing MFA? Are our MFA settings appropriate?
- Do we have a current system inventory?
- What is our information governance policy?
- Do our password policies conform to best practices?
- Do we have shared accounts, especially with admin rights or old passwords?
- Who has administrative rights?
- How do we control access through our network?
- What is exposed to the Internet?