Hackers are opportunists who use various tools to look for easy prey.

In March the computer network of the City of Atlanta was hit with the SamSam ransomware attack and the computers and network are still suffering with issues in critical areas. How did this happen and what can you do to ensure your organization isn’t compromised in the same way?

The attack on the City of Atlanta encrypted a large portion of the city’s data. The hackers demanded $50,000 to decrypt their files.

Ransomware usually works like this:

  1. Hackers scour the internet looking for unsecured or poorly secured networks. They usually do not target specific organizations. They look for easy targets.
  2. Once they find an easy target they browse the network to find valuable data. These are the files, databases and systems that would hurt businesses the most if they are locked up and inaccessible. Sometimes the ransomware can sit for days or weeks before activating.
  3. They then commence with launching the ransomware and locking down the systems. They demand a payment to unlock the systems. The payment is usually something that they feel the organization will pay.

Atlanta was hit hard and much of the city was shutdown. The courthouse, City Water payment system and Airport are just a few notable departments. Departments like the Police even reverted to paper filing.

Ransomware attacks are on the rise and there is no excuse for poor network security. You can learn from what the City of Atlanta is going through.

Here are 3 action items:

  1. Secure your network
    You must secure your network. A multilayered strategy here works best and should include updating software and hardware, email filtering, firewall, endpoint protection and 2 factor authentication. You will need help with this as most businesses simply do not have the in-house expertise to effectively implement such a strategy.
  1. Employee Education
    Believe it or not one of the biggest security risks are your employees. Employees like to click on things so they need to learn how to spot phishing emails and phone calls. The solution is to provide ongoing training to your employees.
  1. Never pay the ransom
    The FBI continues to advise companies to not pay the ransom, and there are a couple of important reasons. First, these attacks keep happening because people are paying the ransoms. This only makes the attacks increase in number. 2017 started with a 250% increase in attacks over 2016. Second, there is no guarantee that you will be able to get your files back. There have been many reports of ransoms being paid and the decryption did not work. The result was that the hackers got their money and the files were not recovered. It is better to engage in an IT company that may be able to decrypt the files for a much lower price.

Securing your network is not optional unless you feel like taking the risk of losing your customers, reputation and business.