The city of Stuart in Florida shut down by ransomware

On April 13th attackers targeted the city of Stuart in Florida with a ransomware attack, infecting the city’s servers and forcing them offline. Email service for the police and fire departments are still offline and the FBI has been brought in to investigate the attack. Although some services such as payroll, utilities and budgeting are back online, it could take another 7-10 days to restore them completely.

City manager David Dyess has disclosed that the source of the attack was not by brute force, but instead infiltrated the city’s network by a phishing email scam. It was simply the case of an employee accidentally clicking on on a link included in a phishing email which then allowed a malicious payload to enter and poison the city’s computer network.

The take away

Although you can’t stop all phishing emails from coming in, nor can your email provider for that matter, your best defense is common sense. Here are 4 red flags of phishing emails:

  1. Strange English Doesn’t flow right? Incorrect use of common words such as “in” and “on”? Incomplete sentences and bad grammar? There’s your sign.

  2. Roll-over links do not match If the email you received was supposedly sent from chase.com, yet the link they’re asking you to click on takes you to an abcplumbing.com website, there’s a good chance that the criminal is trying to direct you to a hijacked website where they’ve setup shop with a fake landing page designed to trick you into entering your personal information. Don’t fall for it!

  3. Suspicious attachment Here’s a good rule of thumb – unless you’re expecting an email with an attachment from someone you know, don’t open it. It’s probably carrying a malicious payload.

  4. Email is designed to make you panic If you receive an email, even from a co-worker or superior that sounds urgent, perhaps even to the point of panic, it could be fraudulent. Always be suspicious of emails that get you roused up.

Stay safe out there.

-A