A cyberattack on your business is something you don’t realize the devastating effects of until it actually happens. Having a proactive plan in place is the most important step when dealing with a cyberattack attack, as there’s little you can do after the fact to recover from lost time, money and data. It didn’t take long for the City of Atlanta, Georgia to learn this lesson.
On March 22, 2018, Atlanta was attacked by ransomware hackers causing networks across the city and the computers of its 8,000 employees to shut down for five days. A ransomware attack is a malicious software that cripples a victim’s computer or network, blocking access to important data, until a ransom is paid to unlock it.
Security experts linked the attack to a hacking group called SamSam. The group has been one of the more successful hacking groups, believed to have extorted more than $1 million from around 30 organizations in 2018 alone. In each of their attacks, they lock their victims’ files with encryption, temporarily change their file names to “I’m sorry” and give their victims a week to pay the ransom before the files are permanently inaccessible.
While it’s not ideal for an organization to pay the ransom, and it’s generally discouraged by security and law enforcement experts to do so, some victims say that they can more easily afford the $50,000 that SamSam typically demands than the time and cost of restoring their locked data and compromised systems. The group has targeted hospitals, police departments and universities, all organizations who have the ability to pay and can’t afford going offline for days or weeks.
Ransomware emerged in Eastern Europe in 2009 when cybercriminals started using malicious code to lock victims’ computers and then demand fees of around 100 euros to unlock them. Since then, online cybercriminals, and even some nation states like North Korea and Russia, have taken up similar methods on a larger scale to extort money out of victims.
Cybersecurity experts estimate that criminals made more than $1 billion from ransomware in 2016, according to the FBI.
In Atlanta, the ransom amount demanded was $51,000 in bitcoin, an online currency. Some major systems were not affected, like those for emergency 911 calls and control of wastewater treatment. But the city government’s 8,000 employees were unable to resume work for five days. Many of the city’s functions were on hold – the courts couldn’t validate warrants, police had to write reports by hand and the city stopped taking employment applications.
City officials never stated whether they tried to pay the ransom, but the city ended up spending more than $2.6 million in emergency efforts to respond to the attack. The costs are related to incident response consulting and digital forensics, extra staffing, and Microsoft Cloud infrastructure expertise trying to recover the systems that were frozen.
Ransomware attackers don’t just target governments and large institutions. They can attack anyone. Your business or organization isn’t immune. Most ransomware spreads through a malicious email that poses as a legitimate email to an employee. If opened, it not only affects the user’s computer, but the ransomware uses a worm component to infect other employees’ computers.
It may seem like paying the ransom is the easiest and fastest solution. But even if the ransom is paid, it does not always properly decrypt the locked files. With no other way to decrypt or unlock the machines, your company has to turn to backups. Depending on how frequently your company creates backups, data that wasn’t backed up can be lost permanently. Restoration to these versions takes days, meaning a loss in company time and work productivity.
Taking proactive steps to prevent this kind of damage is the best ransomware protection for your company. Working with a trusted IT services provider, you can take the following steps to avoid the devastating effects of a ransomware attack.
Install an internal safeguard that blocks the worm of the ransomware package so no additional employees are compromised.
Provide training to employees about identifying malicious emails, and even if they do open a ransomware email, they know not to submit a request for payment. Implement an employee cybersecurity education initiative. Require employees to participate in education regarding ransomware, how it works, and how to spot suspicious emails and attachments.
You can work with your managed service provider to implement cloud backups at regular intervals. This is so the employee can restore his machine to its regular status hours after the attack, avoiding the loss of critical information. Backup critical files on a daily basis. Verify back-ups are stored off-line and are in no way connected to shared network files.
Lastly, develop and document a disaster recovery plan for your organization. Backup files won’t help if there is no plan in place to restore operations and knowledge of how long it will take to execute.
As ransomware and cyberattacks become more prevalent, being prepared is the best thing for your business. If you are not 100% confident in your IT resources, contract with a managed service provider with broad cybersecurity experience. Like in the Atlanta government hack, the worst time to realize weakness is after you’re received a ransom note. At that point, the damage in inevitable.
At Swift Systems, we’re proud to partner with growing businesses as a managed IT services provider. We help organizations set up redundancies so that, should an attack occur, its effects will be minimized. In addition, we strengthen systems to greatly decrease the likelihood of an attack occurring in the first place.
We work alongside internal IT teams to give them the support they need.
Get in touch with us today to find out how a managed IT service provider can help you strengthen your defense against a potential ransomware attack.
IT systems are foundational to modern businesses. Too often, that foundation is unsteady. Unpredictable outages, insecure networks, and unreliable performance from mission-critical systems can jeopardize your entire business.
There’s a better way. Learn how.
Get in touch with us for a free consultation with one of our technical experts. We'll review your current systems, assess your needs, and identify the coverage options to best meet them.