Last week’s ransomware attack on the City of Atlanta’s networks reminds us that ransomware can result in downtime and lost productivity. Ransomware is a type of malware deployed by threat actors to prevent or limit users from accessing their systems or networks until a ransom is paid. Nearly 10 days after the attack, some municipal offices were still unable to access digital data going back as far as 16 years, while the immediate impacts read like a futuristic science fiction movie: “Eight thousand Atlanta local government employees were sent home after a ransomware attack that shut down every municipal service, except 911 and wastewater management, leaving police and other city workers grappling to conduct operations manually with paper and telephones.”
The recent surge in ransomware attacks is linked to increased targeting of banking, technology, utilities, and energy industries. Ransomware is driven notably by the rise of Ransomware as a Service (RaaS) and the low cost and risk associated with conducting an attack. Oftentimes the precise origin of cyber attacks cannot be identified, which allows the nefarious behavior to go unpunished, no matter how harmful the impacts. In addition, widely available, low-cost tools provide a low barrier to entry into the cyber crime market, which is estimated by security researchers to exceed $6 trillion by 2021.
Ransomware is increasingly hitting multiple industries with downtime and lost productivity; however, organizations can best manage this risk with proactive prevention and a tested response plan. The following steps can kick-start your organization’s prevention and response plan today:
- Acknowledge there is a ransomware risk: It is critical that senior leadership acknowledge that risk from a ransomware attack must be managed and agree that prevention starts now instead of waiting to respond to an attack after it has occurred, which risks greater harm to your organization.
- Invest in employee security training: Ensure that your staff understand that they have a role in ransomware prevention, know what that role is, and know what to look for to help prevent this type of attack.
- Maintain digital asset inventories: This can be a document, spreadsheet, or database that is regularly updated and backed up. If you already have one in place, ensure that it is up to date.
- Implement Access Control Lists (ACLs) and monitoring of physical and IT infrastructure: This allows you to permit/deny traffic based on IP address and/or TCP/UDP port(s) and will prove useful if you need to conduct a review of traffic on your network.
- Practice your organization’s disaster recovery plan in response to a ransomware attack: Your organization’s leadership may benefit from training in a gaming scenario that gives them the opportunity to engage in strategic decision making under pressure. The test should also include backup checks.
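
An added illustration of the ACL step above, not part of the original article: a first-match ACL with an implicit deny, evaluated over flow records so that denied traffic can be tallied for review. The rules, addresses and flows are all constructed sample values.

```python
import ipaddress
from collections import Counter

# Constructed ACL: the first matching rule wins; unmatched traffic is denied.
# Fields: (action, source network, protocol, destination port or None for any)
ACL = [
    ("deny",   "0.0.0.0/0",     "tcp", 445),   # file sharing blocked everywhere
    ("permit", "10.10.0.0/16",  "tcp", 443),   # internal HTTPS
    ("permit", "10.10.20.0/24", "tcp", 3389),  # remote desktop, admin subnet only
    ("permit", "10.10.0.0/16",  "udp", 53),    # internal DNS
]

# Constructed flow records: (source IP, protocol, destination port)
FLOWS = [
    ("10.10.5.14",  "tcp", 443),
    ("10.10.5.14",  "tcp", 445),
    ("10.10.20.7",  "tcp", 3389),
    ("10.10.5.14",  "tcp", 3389),
    ("203.0.113.9", "tcp", 3389),
    ("10.10.5.14",  "udp", 53),
    ("10.10.5.14",  "tcp", 445),
]

def evaluate(src, proto, dport, acl=ACL):
    """Return (action, rule_index); rule_index is None for the implicit deny."""
    addr = ipaddress.ip_address(src)
    for i, (action, net, rproto, rport) in enumerate(acl):
        if (addr in ipaddress.ip_network(net) and proto == rproto
                and rport in (None, dport)):
            return action, i
    return "deny", None

def review(flows, acl=ACL):
    """Count denied flows per (source, protocol, port) for a traffic review."""
    denied = Counter()
    for src, proto, dport in flows:
        action, _ = evaluate(src, proto, dport, acl)
        if action == "deny":
            denied[(src, proto, dport)] += 1
    return denied

if __name__ == "__main__":
    for (src, proto, dport), n in review(FLOWS).most_common():
        print(f"denied x{n}: {src} -> {proto}/{dport}")
```

Repeated denials from a single internal host, as in the sample output, are the kind of entry a traffic review would flag for follow-up.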
Don’t let your organization be a ransomware target of opportunity. Cognitio works with organizations across multiple sectors to help them identify, prioritize, and mitigate their digital risks with their Cyber360 framework. For more information, visit Cognitio.