On March 22, the local government in the city of Atlanta, Georgia experienced a widespread ransomware cyberattack that affected several city applications and devices.
Ransomware is a type of malware that takes over a computer and locks out the user. The attackers then make contact with the victim and request payment. If the ransom is not paid, they may publish the victim’s personal files and data or just continue to block access to them.
In Atlanta, the attackers gained access to some of the city’s applications through a network vulnerability. Once they had locked the city’s systems with a ransomware known as “SamSam,” they asked for six bitcoins to unlock everything. Six bitcoins are currently worth around $51,000 US dollars.
Atlanta chose not to pay the ransom, as there is no guarantee that they would get their files back and they didn’t want to encourage any similar attacks. Instead, Atlanta officials awarded nearly 2.7 million dollars to eight private companies in the first couple days after the start of the attack.
The FBI, Department of Homeland Security, and Secret Service have also been assisting city officials in investigating the attack.
As you can see, the consequences of a ransomware attack can be severe. Nearly a month after the breach, nearly all city functions were still being carried out with pen and paper. With that in mind, what are the best ways to prevent them from happening in the first place?
How to protect yourself against similar cyberattacks
Ransomware attacks usually infiltrate organizations through their network. Therefore, maintaining good network security practices is a must. These can include:
Using strong, unique passwords. Both individuals and companies have a tendency to use shared passwords for different programs, even Windows logins.
If someone gains illicit access to your network or a specific computer, they can’t immediately gain access to all of your program logins and computers if you use unique passwords.
Staying vigilant for phishing. Phishing is another common method of attack for gaining entry to install ransomware. 91% of phishing attacks are targeted at specific people in a company, a technique known as spear phishing.
The attacker will study an organization’s email format, then send a simple email to an employee designed to appear as if it is a common email from a co-worker.
Most of these emails will look completely normal except for the full sender email address, which is usually something odd such as “ejhjsh@jk.cn.”
In many email management applications, the full address is automatically hidden behind the given name of the sender, so staff must be trained to interact with that name to confirm the address.
Securing your network. Ensure that a monitored firewall is in place and that all Wi-Fi networks are password protected with WPA2 encryption.
A VPN, or Virtual Private Network, is also a very good thing to have, especially if you have any staff working remotely.
Keeping operating systems and firmware up-to-date. Patches for known security vulnerabilities are released quite often.
Most of these are to combat specific new threats that are being used or about to be used in the wild. Staying up-to-date with security and operating system patches shores up your defenses against many common attacks.