City of Atlanta Hit With Ransomware – Is Your Business Prepared?

Last Thursday morning around 5AM, City of Atlanta officials noticed something vwrong with their IT systems.  They couldn’t access the data that residents use to pay their bills or the data related to the court system. Atlanta was the target of a ransomware attack. The attackers demanded $51,000 to unlock the City’s data. The City said it has no plan to pay the ransom and was working with Microsoft, Homeland Security and the FBI to resolve the matter.

On Friday, a full day later, the City was handing flyers out to employees as they entered work telling them not to turn on their computers until the situation was fixed.

As of Saturday, three days later, the City was still “Working around the clock to fix the issue”.

What is your strategy to combat the possibility of being hit with a ransomware attack? How long can you be down? Could your business survive if it lost all or some of its data?

What is ransomware?

Ransomware is a type of malicious software designed to block access to a computer system or data until a money is paid to the culprits, usually in the form of Bitcoin. Today’s variants of ransomware, called crypto-ransomware encrypt a series of file types like documents and spreadsheets but some have been known to encrypt databases as well.

Ransomware can be downloaded onto systems via malicious email links, compromised websites, email attachments, malware disguised as advertisements or exploits that attack vulnerable or unpatched systems.

One of the most frightening things about a ransomware attack is that it is not limited to the initially compromised computer, but will also encrypt any shared or mapped drives connected to the compromised computer putting the entire network at risk.

What should you do to protect your company from ransomware?

1. Anti-Virus: Make sure your anti-virus is up to date on EVERY computing device on your network. A centrally managed anti-virus solution that notifies you when a device is out of compliance can help keep your company up to date.
2. Patching: Have a patching standard for your entire company. Remember that most viruses come in through 3^rd party software like Flash and Java not just the Microsoft operating systems. Patching should also include all 3^rd party tools that are in use on your systems.
3. Backup: Once hit with crypto-ransomware your backup is going to be the best and likely only solution. Make sure you have valid backups. A backup testing policy is a good way to make sure that when a disaster strikes your company will be prepared. Review your backup strategy. Make sure that your time to recovery is acceptable. Restoring backups can take a considerable amount of time and your company will be down while the restoration is in progress.
4. Firewall: Putting your company behind a professional grade firewall with current intrusion protection, gateway anti-virus and content filtering adds a layer of protection at the front door of your network.
5. DNS Protection: There are a variety of products available that extends the domain name system (DNS) and add features like phishing protection, website blocking and DNS lookup functions.
6. Training/Education: Educating your users about the threats that are lurking, how to avoid those threats and safe computer use go a long way towards protecting your company.