If you’re not familiar with how ransomware works, call the city of Atlanta’s IT department. On March 22nd, they were hit with the SamSam ransomware, which created, in effect, an encrypted wall that prevented employees from accessing needed data. It effectively ground city services to a halt. The city couldn’t collect parking fines and payments for city services. Police had to hand-write reports, which greatly hindered the force’s efficiency.
The cyber attackers threatened to wipe the city’s computers clean unless they coughed up a bitcoin-based ransom payment. It’s unclear whether the payment was ever made (slowly the city has been able to bring services back online), but the attack has cost the city an estimated $2 million to date. The attackers who introduced SamSam three (3) years ago have collected almost $1 million, and that figure will likely grow.
There are a number of ways organizations can protect themselves against ransomware. Nothing is sure-fire, though; it’s a high stakes cat-and-mouse game. In the case of SamSam, as with most ransomware, it learns and adapts from each new attack.
First, make sure you’ve implemented the following…
These security measures might seem simple and intuitive, but they represent the best defenses―when implemented collectively―against falling victim to ransomware.
- Make certain antivirus software is installed and up-to-date on all endpoints of your organization. It’s a great first line of defense, but relying on it alone could be a fool’s paradise.
- Back up all data on a regular basis, which can be accomplished via the cloud or local storage devices. Flash storage is based on high-speed, electrically programmable memory. It performs and writes data in a flash, and is a form of non-volatile memory that doesn’t require power to maintain its stored data. Flash storage is more durable, and not as susceptible to bumps and drops, which means data is stored and maintained more securely.
- Create Group Policy (GPO) restrictions, which are simple and easy to implement. They can provide control over the execution of files, such as those from users’ APPDATA directories.
- Make sure the latest security patches are installed on all third-party applications like, as examples, Adobe, Flash and Java.
- Restrict administrative rights to a few, select employees. Organizations might believe they’ve been restrictive, only to learn that, after several years, hundreds of employees have been granted administrative rights.
- Implement security awareness training. While the aforementioned are key elements for helping secure your organization from ransomware and malware, the biggest threat comes from a lack of employee education. Make sure users ask themselves, prior to opening a link or attachment, Do I know the sender? and Do I really need to open this link or file? If they don’t consider these questions, your organization could be ripe for the picking―or phishing―which is one of the most common entry gateways for ransomware.
Consider calling on the experts
Not proactively protecting your organization’s network and data against ransomware attacks is really a pay-me-now-or-pay-me-later proposition. If you choose to ignore it or believe you’ve got it all covered, it’s a good idea to consult with network security experts like those at GDT. They can help your organization ensure the necessary steps, solutions and hardware are in place to prevent it from falling victim to a ransomware attack.