The computers at the Justus-Liebig University in Giessen have been offline for days. Last week, Klinikum Fürth (a large municipal hospital in southern Germany) was forced to disconnect from the emergency care services network. On the very same day, the City of New Orleans had to take precautionary steps after a virus had been discovered. Attacks on communal institutions and services around the globe are indeed becoming ever more frequent.
In its recent Bericht zur Lage der IT-Sicherheit (IT Security Status Report), released in mid-October, the German Federal Office for Information Security (BSI) had already confirmed an alarming increase in the number of ransomware attacks, resulting in numerous production outages across the economy and causing some major disruption. The report, which covered the period up to the end of May 2019, showed that several hospitals and community institutions such as municipalities were among the organizations in Germany impacted by such attacks.
“The report shows that the quality of the cyber attacks has continued to increase and the threat remains high,” adds BSI president Schönbohm. “But it also makes it clear that these cyber attacks can be warded off, provided that IT security measures are implemented consistently.” If cyber security is lacking, digitalization simply can’t be successful.
Last week, the news broke that Justus-Liebig University (JLU) in Giessen had been forced to disconnect its computers from the internet following a suspected hacker attack, leaving staff needing to cope without wired Internet, email and internal networks for the time being. This response was brought about by the discovery of a previously unknown type of malware in the university network. According to a statement by JLU president, Professor Joybrato Mukherjee, this was not an attempt to blackmail the university by means of ransomware.
In the meantime, the employees at the JLU have started to check their office computers for malware. In addition, “several hundred” USB sticks containing an up-to-date virus scanner have been handed out to staff. All of the computers have to be checked in two phases and may only be used again when they display no abnormalities under testing. At the same time, the team at the university’s data center is working closely with experts from the Darmstadt-based ATHENE Research Center for Cyber Security to screen back-end systems for infection with the previously unfamiliar malware. According to Mukherjee, there may still be a long way to go before all systems are fully operational again. Meanwhile, an astonishing 38,000 students and lecturers will all have to queue up in person to fetch paper documents containing their new passwords.
The university could have spared itself considerable trouble, cost and effort if its email systems had been safeguarded by the Europe-wide patented Retarus Patient Zero Detection® service. As soon as the details of the malware had become available, all emails infected with the previously unknown malware could easily have been detected retroactively, and it would have been visible which inboxes the infected emails had been delivered to. From there, using the additional Real-Time Response service, it would even have been possible to automatically move the messages into quarantine or delete them entirely. In any case, the forensics would have been considerably easier.
Last Friday, Fürth Hospital had to restrict its operations substantially following the discovery of a computer virus in its IT system the previous day, while the City of New Orleans was also hit by a virus on the same unlucky 13th of the month. On Friday morning the hospital had to disconnect itself from the emergency care network and was temporarily unable to admit new patients. The decision was made to cut the connection to the Internet completely.
Experts are currently investigating the incident. The hospital presumes that the malware used email as a gateway to make its way into the computer systems. It’s not yet clear which Trojan or virus is responsible for the disruption. Initial reports from “Bayerischer Rundfunk” (Bavarian Broadcasting Corporation) suggest that the infected emails looked as if they came from known senders such as hospital employees. The State Criminal Investigations Agency and the German Federal Office for Information Security (BSI) have been duly informed. It is not yet foreseeable how long the services will be restricted. The hospital in Fürth had already fallen victim to a Trojan attack in 2016, according to “Heise online”, a German IT news channel.
In a totally unrelated incident, the computers at the City of New Orleans were also hit by a virus. Employees were asked to turn off computers as a precautionary measure. It is unclear whether the attack involved ransomware, but the news channel Bloomberg notes that attacks against cities and other government agencies are indeed on the rise.
In these cases, the Advanced Threat Protection (ATP) functions provided by Retarus Email Security would most probably have been able to prevent the worst of the consequences. Moreover, both Fürth Hospital and Giessen University could have used our new Email Continuity service to ensure that they would still be able to send and receive emails, even after switching off their own mail servers. Email Continuity provides an “active-active” backup with webmail accounts, to which an organization can switch over in a matter of minutes in an emergency, allowing staff to continue emailing.