City of Atlanta Falls Victim to Ransomware. The Importance of Network Security
On Thursday, March 22, 2018, the city of Atlanta's online systems were hit by a ransomware attack. To minimise the impact of the intrusion, employees were told not to use their computers or wireless networks. While the hackers were demanding $51,000 in ransom, the impact on the city was much worse, affecting many local services.
What happened? The attack affected:
The Department of Public Works' website, impacting residents trying to pay bills; applications for new employment were suspended
Department of Corrections had to manually process convicts
Municipal Court hearings had to be rescheduled
The ticket payment processing system was disabled
Public Wi-Fi at Hartsfield-Jackson International Airport was unavailable.
Who is behind the attack?
The group behind the SamSam ransomware is responsible for the attack. The group has made over $850,000 since December 2017 and is also responsible for attacks on the Colorado Department of Transportation (twice), Municipality of Farmington in New Mexico, Allscripts, Hancock Health, Adams Memorial Hospital and Davidson County in North Carolina.
How was the ransomware spread?
The ransomware is not spread via email; the attackers penetrated the systems through vulnerable servers by using weak or stolen credentials. Once inside the network, the hackers manually used legitimate system tools and resources to install the ransomware throughout the entire network.
A week later, the city still does not have full functionality restored to its online systems and has not decided if it will pay the ransom.
Ransomware attacks are not going to disappear anytime soon. Attacks are getting more sophisticated every day and are targeting state and local agencies, as well as private companies, that lack the necessary network security to protect their data and infrastructure.
What Can You Do?
Even today’s sophisticated malware protection can be circumvented by ransomware. The best approach to network security is multi-layered and requires vigilance from both IT professionals and their end users.
Always keep backups. Data can’t be recovered if it isn’t backed up. Have a strategy in place that covers every user, device and file. Our Cloud solutions include a 30-day automatic backup that can help recover data in the event of an attack.
Lock down administrative rights. Don’t give users administration rights, even on their own machines, unless it’s absolutely necessary. Cloud users have restricted access to only the files required to run the applications. The important data is located on the cloud servers, protected by the most advanced network security technology, which reduces the risk in the event of an attack on your local network. We also provide local network security to protect your data and every device connected to your network or Wi-Fi.
Stay up to date. Keep systems and apps current with the latest patches to avoid exploits that rely on outdated code.
Protect at the gateway. The Firewall provided by Cloudsis Network Security can block spam, viruses, and phishing attempts. It can also block “phone home” requests made by malware.
Keep every endpoint protected. Gateway protection can’t help when users insert a rogue USB stick. Make sure every endpoint has complete, current security.
If an email looks suspicious, it probably is. Train users to trash emails that look like spam. Better yet, show them how to inspect email headers if they’re unsure of the sender.
Don’t open attachments. Unless your users are absolutely, positively sure that they recognise both the sender and the file, it’s better to leave attachments alone. If they do open attachments, they should never enable macros or executables. Suggest other ways to share documents that require authentication and have built-in virus scanning. Our 365 Cloud Email includes multiple spam filters so your email is protected from the moment you receive your first message. We also provide Cloud Email Archiving to ensure that you always have a backup of all your emails.