The city of Atlanta, Georgia was hit with a ransomware virus on March 22, with the hackers demanding $51,000.00 in total to unlock and release the city’s computer systems. FBI officials are investigating the attack and one source, according to Atlanta news station 11Alive, stated the virus closely resembles the SamSam strain of viruses that were attacking healthcare facilities back in 2016. As is common with most ransomware, if it is not intercepted before it takes control of the network systems, then it locks out everyone and demands thousands in payment in exchange for a “decryption key,” the only tool that can unlock it and release the affected files and data. This essentially brought business at the city to a crawl and could potentially compromise people’s personal data.
How do Ransomware Hackers Pick their Targets?
Typically, hackers target establishments or businesses that they have spied on and determined to be vulnerable. No professional establishment can afford to be locked down for days or even weeks, so sometimes the victims may feel it’s easier for the organization to just pay the ransom, rather than wait for an expert to try and decrypt the code, which in some cases can’t be done at all. This is not something the FBI or law enforcement recommend, but they understand the temptation since the chaos of losing all that data and being down for weeks is a worse reality than losing the money the victims would have to pay to obtain the decryption key.
Why do Ransomware Attacks Happen?
It’s scary to think these criminals could just lock down an entire IT infrastructure anytime they want and remain completely anonymous in the process. Most times the perpetrators continue their reign of cybercrime because of how successful they usually are. For instance, a ransomware attack earlier in the year on the city of Leeds, Alabama resulted in a payout of $12,000 to the perpetrators.
Where are Ransomware Attacks Trending?
It makes people wonder…how can this happen in 2018, where in America any establishment with a computer network can fall victim at any time to this kind of attack? The truth is, the more sophisticated protection measures become, the more complex the hackers’ attacks become, so it’s a cyclical problem. According to experts, it’s not going away anytime soon either. In fact, attacks are expected to increase in frequency, as it seems cyberthieves have decided this is now their favorite way of making money because of how easy it is; the old ways of stealing credit cards and bank account details turned out to be a much riskier venture.
What can be done?
What can a Business or Organization do to Protect Themselves?
Here are three core solutions…
- Proper backing up of critical data is one of the best methods. Backing up all of a network’s critical data to an offsite cloud storage instead of housing it locally guarantees that you can get back all the information that is held hostage. This makes the attack in some ways irrelevant because critical data can simply be retrieved from the storage cloud it was backed up to originally. The data is not stored on the local network, so the attack simply doesn’t affect it.
- Another important action you can take to combat a ransomware attack is to establish proper training and policies, so an attack can be prevented in the first place. What makes establishments particularly vulnerable is staff/employee behavior. Proper training administered by a qualified IT consultant can ensure phishing scams don’t work as often on unsuspecting personnel. “Phishing” is when a hacker sends emails to a location’s network users in hopes of luring them into clicking on those emails. Such emails are typically loaded with a trap of sorts that allows the hacker to gain access to your system, setting up a scenario where a ransomware attack is possible. Getting employees to recognize the warning signs of this and avoid it goes a long way in protecting against this kind of violation.
- A third major defense against ransomware is putting proper security hardware or software in place that blocks malicious applications from installing themselves into your IT systems. Security software or hardware can recognize when a foreign program is trying to install itself onto your network and stop it before it’s too late. The proper software can also detect when an update needs to be installed that could stop potential exploits from being used in an attack. The WannaCry ransomware attacked Microsoft Windows users whose software was outdated and did not have the proper patches installed.
Having the proper protection in place to prevent attacks of ANY kind is the most important and necessary measure any professional organization can take.
Want to learn more about how to put these protections in place? Contact us!