Ransomware Looms Large
We’ve addressed ransomware several times in the past on the blog. It is dangerous malware that can leave governments, schools, and private businesses without access to their files and therefore crippled indefinitely. Files are locked and operations are stopped. We’ve seen large cities like Baltimore and Atlanta fall victim to ransomware, among scores of smaller cities, school districts, and private companies.
Even though there was nationwide coverage and warnings about this attack and, particularly, how organizations may be vulnerable, many companies have not taken steps to fix these vulnerabilities. In fact, Baltimore City Schools’ servers are vulnerable to the same ransomware that affected its city. And they aren’t the only ones. The same article identified multiple school districts that are vulnerable to the same strain of ransomware: Montebello Unified School District, Fresno Unified School District, Cupertino Union School District, and nine separate school districts in Washington. There are solutions to these vulnerabilities, such as patches, but districts are either unaware of these updates or not prioritizing them.
School districts aren’t the only sitting ducks: 22 local governments in Texas were hit concurrently with ransomware, in what appears to be the largest coordinated ransomware attack ever from the same hacker. The attack was executed through third-party information technology software used by many of the other municipalities. At least two cities are unable to process utility payments, and other online services have been disrupted as well. According to the mayor of Keene, TX, the hacker demanded a $2.5 million ransom to unlock the files.
Strategies to Protect Your Organization
If your organization is hit with ransomware, operations will suffer. But it is possible to mitigate the damage with some careful pre-planning.
First, make sure your organization is backing up data regularly and that copies are stored offline, safe from the corrupting reach of ransomware. Be sure users know where to save their files so that they are part of the regularly scheduled backup.
Second, educate your users about ransomware and how the attacks occur. The only way to avoid damage to your operations and reputation is not to get ransomware in the first place. The biggest piece of this puzzle is making sure people know how to identify suspicious messages. Ransomware is frequently unleashed through a link in a suspicious email.
Next, users can help protect the network by keeping software up to date, usually just by allowing the updates to occur. It is good practice to have IT push updates at a regularly scheduled interval. Of course, IT should also monitor and patch internet-connected servers, which could be an avenue of attack.
Finally, personal devices should not be plugged into the network. Personal devices can introduce viruses to the network simply by being charged through your computer’s USB port.
Is your organization doing all it can to protect against ransomware?
The No Ransom Project
Law enforcement does not advise ever paying a ransom. While it may (or may not!) get your data back, it has the unintended consequence of encouraging future criminal cyber attacks. If you pay, you’ve made their attack successful.
The No Ransom Project is a collaboration across multiple European law enforcement agencies and private companies to develop tools that can reverse ransomware’s devastating effects. At this time, no U.S. law enforcement agencies are involved with the effort, but that doesn’t mean U.S.-based companies and individuals can’t benefit.
Once someone, either an individual or organization, has been attacked with ransomware, they can upload one of their encrypted files or the ransom note. Analysis of this data can help those at the Project determine the type of ransomware. If a decryption key exists for that particular strain of ransomware, the Project will provide it for free. It can’t decrypt every type of ransomware, but it is certainly worth trying if ransomware happens to you.
Ransomware isn’t going anywhere; in fact, it’s a growing problem. Help us spread awareness about how to protect yourself and your organization by sharing this post!