Baltimore, Maryland’s city government is the latest organization to suffer a ransomware attack, one so widespread that operations have come to a halt. This is a great example of the diversity of victims suffering from advanced persistent threats like this, which require advanced security implementations and infrastructure to prevent. When you hear an IT manager in the hospitality, manufacturing, or clearly even public sector say, “We’re not a large target, we’re not a bank or hospital,” point them to this article.
Cyber crime groups who leverage exploits like ransomware don’t need to find a network holding billions of intellectual property records; they just need to find a network that would be missed if it were taken away. Take Baltimore, for example. It’s fair to assume that Baltimore’s network currently under ransom is not worth big bucks. However, Baltimore’s inability to perform certain tasks and access certain records inconveniences thousands of angry citizens, and got them a premier slot on most social media platforms. It is an event they more than likely want resolved quickly.
How do you deal with ransomware?
Fair question. It’s not a fun day for any IT professional, especially when you’re the guy being blamed for the mess. The unfortunate truth is that if you don’t have the ability to retrieve critical files and restore necessary services from a source external to the network, typically through backups, you’re out of luck, killer. Your best bet post-exploit is to retain the services of a firm that specializes in incident response and has a positive track record of restoring services, as well as consulting towards effective PR and legal cleanup to ensure a best-case scenario recovery.
The best way to deal with ransomware is to not get ransomed. Advanced threats like this, contrary to popular belief, are preventable. Do you think Bank of America, Amazon, and Apple have never been targeted by network crypto attacks like ransomware? Train your staff to recognize the signs of an attack, and give your team the amnesty and freedom to report, without fear, possible attacks they believe they may have fallen victim to. More than likely the attack on Baltimore started with an untrained user who unknowingly let a bad guy/gal in. Your best bet against advanced attacks is to make cyber security part of your company culture!