In response to reports that the Florida county’s election office had its computer systems infected and encrypted by ransomware just weeks before the 2016 US presidential elections, an expert commented below.
In response to reports that the Florida county’s election office had its computer systems infected and encrypted by ransomware just weeks before the 2016 US presidential elections, an expert commented below.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This event is not surprising given the significant focus on government institutions that ransomware attackers have shown over the last five years. This attack coincides with the attack on San Francisco\’s Muni rail system in November of 2016 and the ransomware attack that left 70% of Washington DC\’s police security cameras inoperable in January of 2017, just weeks before the presidential inauguration. While the Muni attack was well known due to the fact that light rail ticketing systems displayed the ransom demands and Muni had to open the gates and allow free rides for several days, the Washington DC event was also handled fairly quietly.
While any intrusion into computer networks is a concern, it is important to note that ransomware infections back in 2016 were less likely to spread across networks as quickly as we see happening today. It is possible that the infection was isolated to a single machine or a couple of machines, which may explain why the incident was not reported to the FBI or DHS. Although the ransomware was mostly likely introduced through an email phishing attack, the number one way that ransomware infections start, it would be prudent to understand how the event occurred and ensure the vulnerability is addressed. It is surprising that the second-in-command at the time is unsure if the vulnerability still exists or how the infection started.
As we move closer to the 2020 elections, the threats against the election process will intensify greatly. Using the Iowa caucus as an example, it is obvious if an infection were to occur that encrypted election results from even a couple of precincts, the ramifications would be monumental. In addition, current variations of ransomware are now known to steal data before encrypting it then releasing it publicly, or threatening to release it if a ransom is not paid. Voting is information is often a private affair, and the release of some of this information could potentially be disastrous for our voting system as our citizen\’s trust is dissolved. Small cities and townships will be heavily reliant on the state and federal government to ensure the confidentiality, integrity and availability of cast votes and voting records, especially where these votes are being cast digitally. Florida is famous for the \”hanging chads\” and Iowa for the caucus issues, we do not want to see any more states or localities made famous over voting issues in 2020.
To protect against the threat of ransomware, it is vital that organizations, both public and private, teach their users how to quickly spot phishing emails in the barrage of daily messages they receive. In addition, organizations should do random simulated phishing tests as a way to hone these skills so the users are ready for the increased upcoming pressure from the cybercriminals as we get closer to the elections. Any remote access portals for employees or IT staff and vendors, the second most common avenue used to infiltrate networks with ransomware, also need to be secured and monitored vigorously and should use multi-factor authentication to log in whenever possible.