So what is a Ransomware attack?
You may have read in the news lately about a new and growing threat to municipal computer networks: ransomware attacks. These attacks can be crippling, and can shut down entire cities for weeks or even months. They can have devastating consequences and can cost hundreds of thousands of dollars in ransom just to get a city’s network back online. The good news is, these types of municipal malware attacks are preventable.
How Does a Ransomware Attack Work?
A ransomware attack, such as Cryptolocker or Triple Threat (which combines Emotet, TrickBot and Ryuk), works by gaining a foothold somewhere in your network, usually through a phishing campaign aimed at city employees or through out-of-date software. Once the malware is in the network, it spreads from machine to machine and server to server to infect as many machines as possible. Once it has infected a large enough number of machines, it activates and begins encrypting all the data stored on every computer. Once the data is encrypted, users are shown the ransom demands on their computer screens. Ransom demands can range from $75,000 in bitcoins, as in the Baltimore attacks, into the hundreds of thousands, as in the $600,000 Riviera Beach attack ransom.
How do I prevent a Ransomware Attack?
Preventing a ransomware attack is always your best option, potentially saving your city hundreds of thousands of dollars in losses. Luckily, preventing a ransomware attack is doable. Here are 4 basic steps you should take to prevent ransomware attacks on your municipal network:
1) Update, update, update
Most malware attacks take advantage of out-of-date software and operating systems with security holes. Make sure your entire network, including all servers and end-user desktops and laptops, is updated with the most current version of Windows or MacOS and that automatic updates are enabled. Monthly updates are critical to your security.
2) Use Anti-virus / Anti-malware software on everything
Strong antivirus software is one of the best defenses against ransomware attacks. Ensure that every server, desktop and laptop in your network has an up-to-date copy of antivirus software running on it. Make sure that automatic definition updates are enabled and that the machine is being protected with realtime protection or with daily scans.
3) Ensure your Disaster Recovery Plan is in place, and working
Recovering from an attack after the fact, without paying the ransom, is nearly impossible unless you have a well-planned, tested and functioning Disaster Recovery Plan. That means ensuring that all your servers and data are backed up on a daily basis and stored offsite. A good rule of thumb is the 3-2-1 backup rule: always have 3 copies of your data, 2 of them on different types of storage and 1 of them offsite. With a solid Disaster Recovery Plan, recovery from a ransomware attack can be as simple as cleaning your servers and restoring your data.
4) Know your network and software
Do you know what is currently on your network? Do you know if your machines are updated? How well is your anti-virus software working? Knowing exactly how well protected your network is can be the difference between ransomware taking over your network and staying safe. Perform regular Security Risk Assessments to ensure you are properly protecting your network and data from attacks.
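One way to automate part of such an assessment, shown as an added example that is not from the original article: it checks a constructed inventory against steps 1 to 3, including the 3-2-1 rule. The inventory field names, host names, dates and day thresholds are assumptions made for illustration.

```python
from datetime import date
# Assumed thresholds in days: monthly patching plus slack, daily definitions and backups.
MAX_PATCH_AGE, MAX_DEFS_AGE, MAX_BACKUP_AGE = 35, 2, 1

def check_321(copies, today):
    """3-2-1 rule over (media, offsite, taken) records; the live copy counts as one."""
    fresh = [(m, off) for m, off, taken in copies if (today - taken).days <= MAX_BACKUP_AGE]
    issues = []
    if len(fresh) < 3:
        issues.append(f"only {len(fresh)} current copies (need 3)")
    if len({m for m, _ in fresh}) < 2:
        issues.append("copies on fewer than 2 storage types")
    if not any(off for _, off in fresh):
        issues.append("no offsite copy")
    return issues

def audit_host(host, today):
    """Findings for one inventory record, covering steps 1 to 3 of the article."""
    issues = []
    if (today - host["last_patched"]).days > MAX_PATCH_AGE:
        issues.append("patches out of date")
    if not host["auto_update"]:
        issues.append("automatic updates disabled")
    av = host.get("av")
    if av is None:
        issues.append("no antivirus installed")
    else:
        if (today - av["defs_updated"]).days > MAX_DEFS_AGE:
            issues.append("antivirus definitions stale")
        if not (av["realtime"] or av["daily_scan"]):
            issues.append("no realtime protection or daily scan")
    if host["role"] == "server":  # a server with no backup records fails all three checks
        issues += check_321(host.get("copies", []), today)
    return issues

def audit(inventory, today):
    """Map host name to findings, listing only hosts that have any."""
    return {h["name"]: f for h in inventory if (f := audit_host(h, today))}

TODAY = date(2019, 7, 1)  # constructed sample inventory: hypothetical hosts and dates
INVENTORY = [
    {"name": "fin-srv01", "role": "server", "last_patched": date(2019, 6, 20), "auto_update": True,
     "av": {"defs_updated": TODAY, "realtime": True, "daily_scan": False},
     "copies": [("disk", False, TODAY), ("tape", False, TODAY), ("cloud", True, TODAY)]},
    {"name": "clerk-pc07", "role": "desktop", "last_patched": date(2019, 3, 2), "auto_update": False, "av": None},
    {"name": "gis-srv02", "role": "server", "last_patched": date(2019, 6, 25), "auto_update": True,
     "av": {"defs_updated": date(2019, 6, 10), "realtime": False, "daily_scan": True},
     "copies": [("disk", False, TODAY), ("disk", False, date(2019, 6, 30)), ("cloud", True, date(2019, 5, 1))]},
]
print(audit(INVENTORY, TODAY))
```

The second server has an offsite copy on record, but it is two months old, so it does not count toward any part of the 3-2-1 check.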
An Ounce of Prevention is Worth A Pound of Cure
Preventing ransomware in your city's network is definitely one place where this old adage holds true. Taking the four basic steps outlined above to protect your municipal network will go a long way toward preventing ransomware attacks. Recovering from a ransomware attack can be a nightmare, so plan ahead, practice good IT hygiene, and you can significantly lessen the risk of a municipal ransomware attack.