As news broke today that the FBI is investigating a ransomware attack on the city of Atlanta that shut down city government systems, IT security experts commented below.
Israel Barak, Chief Information Security Officer at Cybereason:
If WannaCry, NotPetya and BadRabbit taught us anything in 2017, it is that ransomware attacks can have devastating effects on for-profit organizations and consumers. Individually, the NotPetya attack cost organizations in excess of $1.2 billion dollars. Globally, our estimates show that organizations and consumers paid more than $10 billion in ransoms in 2017.
While investigators explore the root cause of the ransomware attack in Atlanta, local and federal law enforcement agencies will piece together characteristics that show the tactics, techniques and procedures used to lock down many servers in Atlanta.
The best advice for organizations to prevent ransomware from victimizing their businesses is as follows:
Maintain up to date backups of important files and regularly verify that the backups can be restored
Refrain from downloading pirated software / paid software offered for ‘free.’
Don’t open email attachments from unknown / unexpected senders
Deploy anti-malware and anti-ransomware tools
Sam Elliott, Director of Security Product Management at Atlanta-based Bomgar:
“Ransomware attacks are a reality for many businesses, and unfortunately, this instance is likely not the last. However, there are steps organizations can take to protect themselves, which include adopting least privilege or zero trust security postures and implementing robust procedures for patching software and technologies against security vulnerabilities. Maintaining a regular patching routine closes potential holes in an organization’s infrastructure, keeping attackers at bay. Infrastructure teams should also better segment their IT systems to prevent future malware from spreading laterally through connected networks, to prevent the potential for extensive damage.”
“Ransomware spreads like wildfire, and is the most time-critical of cyber threats. The ability to detect the precursor behaviours of ransomware is the only way to get ahead of the attack. Unfortunately, that’s almost impossible to do using traditional manual threat hunting techniques. That’s why forward-thinking enterprises are increasingly using an automated approach, using AI-powered threat detection. You need to detect and respond at machine speed.”