Atlanta Ransomware Attack: Lessons Learned

Every ransomware attack is devastating to the organizations affected. But they have the potential to teach valuable lessons to you and your organization about malware and endpoint security, and they can help you reflect on your current threat management strategies. Read on to learn about the recent Atlanta ransomware attack and how you can build on the knowledge gained to shore up your company's security.

The Background

On March 22, 2018, the city of Atlanta's computer systems were hit by a major ransomware attack. This malware, called SamSam, propagated rapidly over the city's computer networks, affecting several departments. SamSam holds the user's data for ransom unless the affected parties pay $51,000 in Bitcoin for every affected computer. Many SamSam attacks have targeted public safety infrastructure, likely because its vital nature means public servants may be more willing to pay the ransom.

SamSam quickly brought Atlanta to its knees. Systems that process payments from residents and businesses went down, hamstringing the city's ability to take in revenue. Several critical services, like police and other emergency response services, were markedly less efficient than usual, as these departments processed information via pen and paper reports. Many government employees have lost years of critical data.

To the frustration of many computer security experts, Atlanta had plenty of warning that this attack was coming. In one incident, a computer was infected with WannaCry, which is comparable in effect to SamSam. While Atlanta's critical threat analysis experts likely advised the city take decisive actions to reduce the threat malware posed, it seems like the city's employees didn't take the actions necessary to protect against the impending SamSam attack.

The Lessons to Learn

Thankfully, it's easy to learn from this and other cyber attacks. While many of the lessons gleaned from the Atlanta attack are common refrains in cybersecurity circles, many companies and organizations fail to implement this advice.

1) Pay Attention to Security Breaches

If one computer on your company's network is vulnerable, it's likely others are, too. And if they weren't affected by an attack, this may be luck rather than a sign of your business's excellent cybersecurity.

Consider any attacks or attempted attacks your organization suffers to be wake-up calls. If an attacker is targeting your organization once, it's likely they'll target it again, especially if they got through the first time.

2) Back Up Everything Regularly

Regular backups won't stop ransomware attacks, of course. But even though Atlanta is describing the SamSam attack primarily in terms of whether the data was compromised, the real danger of ransomware is that critical data becomes inaccessible. If your organization is backing up data every night, then if you're hit by a ransomware attack you'll still have your data.

3) Patch Software Regularly, and Keep an Eye Out for Vulnerabilities

Especially if a system is exposed to the public, it needs to be patched regularly. Several of the Atlanta systems affected by the recent SamSam attack had critical security vulnerabilities that hackers easily exploited. The attack wouldn't have been so easy — and might have even been impossible — if Atlanta's experts had kept critical systems patched.

Atlanta's recent SamSam attack has devastated much of its critical infrastructure. You shouldn't let the same happen to your company. By staying abreast of hackers through patching your systems, backing up your data and being aware of threats against your organization, you can protect your systems and data from ransomware and other critical malware threats.
