If you aren’t aware of ransomware and the damage it can do, I don’t know how you found this blog and are reading it. If you have any association with the Internet and blogs or other resources like mine, you must know about ransomware. I’ve blogged about it numerous times and I’m quite concerned by some of the trends I’m noticing over the past year.
A glaring example is this month’s ransomware attack on the City of Augusta, Maine, the state capital. It essentially shut down the city, including the police department, which fortunately was able to be brought back online before any serious impact took place.
The ransomware that hit Augusta was particularly nasty in that it focused on shutting systems down and making them inaccessible. It did not steal data, at least not that has been discovered as of now. What was also particularly nasty was the amount of ransom that the hackers demanded. One hundred thousand dollars. You read that right, the hackers demanded at least $100,000 to restore Augusta’s network. The city elected not to pay the ransom and actually rebuilt much of its infrastructure from the ground up. That itself is not inexpensive and it was time consuming, but it did not reward the bad guys for their attack.
Augusta is not the only city to be hit hard. The cities of Albany, New York, Atlanta, Georgia, Greenville, North Carolina, Portsmouth, New Hampshire, Stuart, Florida and Tallahassee, Florida are among many US cities that have suffered ransomware attacks. Just this past week, Cleveland Hopkins International Airport was hit with a ransomware attack. Fortunately, it appeared to only impact terminal systems and not critical air traffic control and safety systems, but it certainly caused many to think hard about the risk ransomware poses.
Ransomware is getting smarter, and the ransoms are getting larger, meaning a successful attack could very easily put a business out of business in a short amount of time. I know of more and more entities, private and government, that are suffering more advanced ransomware attacks.
While a layered defense is more important than ever, user education is equally important. You can throw all the technology available at ransomware and it could still sneak in to your systems. Being sure you have done everything possible to thoroughly educate your users on how to defend themselves against ransomware cannot be overstated.
Test your users and see who may be vulnerable to email phishing attacks, still the most common way ransomware enters a network. Lock down your networks and employ web filters to control where you allow your users to go online. I could go on and on about the different ways you can defend against this threat, but at the end of the day there is just one word; education.
Not one time education, but ongoing education and simulated attacks. Just like first responders and others train for crisis situation, so they reflexively know how to properly respond, we need to adopt a similar strategy to protect our businesses and online assets. Continually educate, test, refine the educations based on the results of testing and test again. Repeatedly. Make it part of your corporate culture, just like every other routine critical to the success of your business. You’ll be glad you did!