As news broke today that the FBI is investigating a ransomware attack on the city of Atlanta that shut down city government systems, IT security experts offered the comments below.
Israel Barak, Chief Information Security Officer at Cybereason:
If WannaCry, NotPetya and BadRabbit taught us anything in 2017, it is that ransomware attacks can have devastating effects on for-profit organizations and consumers. Individually, the NotPetya attack cost organizations in excess of $1.2 billion. Globally, our estimates show that organizations and consumers paid more than $10 billion in ransoms in 2017.
While investigators explore the root cause of the ransomware attack in Atlanta, local and federal law enforcement agencies will piece together characteristics that show the tactics, techniques and procedures used to lock down many servers in Atlanta.
The best advice for organizations to prevent ransomware from victimizing their businesses is as follows:
- Maintain up-to-date backups of important files and regularly verify that the backups can be restored.
- Refrain from downloading pirated software / paid software offered for ‘free.’
- Don’t download software from dubious sources.
- Don’t download key-gen / password cracking / license check removal software.
- Don’t open email attachments from unknown / unexpected senders.
- Deploy anti-malware and anti-ransomware tools.
Sam Elliott, Director of Security Product Management at Atlanta-based Bomgar:
“Ransomware attacks are a reality for many businesses, and unfortunately, this instance is likely not the last. However, there are steps organizations can take to protect themselves, which include adopting least privilege or zero trust security postures and implementing robust procedures for patching software and technologies against security vulnerabilities. Maintaining a regular patching routine closes potential holes in an organization’s infrastructure, keeping attackers at bay. Infrastructure teams should also better segment their IT systems to prevent future malware from spreading laterally through connected networks, to prevent the potential for extensive damage.”
Matt Walmsley, EMEA Director at Vectra:
“Ransomware spreads like wildfire, and is the most time-critical of cyber threats. The ability to detect the precursor behaviours of ransomware is the only way to get ahead of the attack. Unfortunately, that’s almost impossible to do using traditional manual threat hunting techniques. That’s why forward-thinking enterprises are increasingly using an automated approach, using AI-powered threat detection. You need to detect and respond at machine speed.”