In May, the city of Baltimore was crippled by a ransomware attack. The city’s voicemail, email, parking fines database, and billing systems were all taken offline. As more news of the attack surfaced, we learned that the tool used in the attack, EternalBlue, targeted a year-old vulnerability and that this wasn’t the first time Baltimore had dealt with ransomware.
At the time of writing, Baltimore is still recovering. According to the Baltimore Sun, at least one city official has been indicted on charges of fraud, taking advantage of the attack to pocket nearly five hundred dollars of cash. The city’s IT department also lost dozens of timesheet records due to the ransomware.
No backups. Inadequate network monitoring and threat detection software. Outdated software and systems. Nearly everything the city could do wrong, it did, short of actually paying the ransom.
The Baltimore attack was just one more in an epidemic of ransomware targeting state and municipal governments, says CNet. As reported by City Journal Magazine, this includes 23 cities in Texas. More recently, at least four major cities have joined that ever-growing list of victims.
New Orleans, Louisiana; Pensacola, Florida; Galt, California; and St. Lucie, Florida were all hit last month, says CBS News. While it’s unclear if all four were connected, one group, known as Maze, has claimed responsibility for the Pensacola attack. Cybersecurity firm Deloitte has been hired by the city to investigate.
At this point, one thing is clear. This problem is not going to go away. Ransomware will continue to sweep through both the private and the public sectors.
And the organizations that suffer the most damage at its hands will be the ones that are caught unprepared.
In the case of the New Orleans attack, the city actually handled itself quite well. As reported by news aggregate MSSP Alert, officials detected suspicious activity on its networks shortly before the attack occurred on Dec. 13. A few hours later, by 11 a.m., the city’s IT department had notified all staff, advising them to power down all devices and disconnect them from the city’s network.
The city has also announced that it indents to raise its cyber insurance coverage to $10 million in 2020.
The city’s response to this attack wasn’t perfect. But it was better than how Baltimore reacted. And along with what Pensacola did, it touches on several things we’ve long maintained are critical to defending against ransomware.
These include:
- Keeping all systems up to date.
- Maintaining a network in which systems can be easily air-gapped or disconnected in the event that they are compromised.
- Maintaining network monitoring processes that immediately alert you to suspicious activity.
- Paying out for cyber-insurance that includes ransomware under its umbrella.
- Bringing in external experts to cover any knowledge and talent gaps.
- Staying abreast of new attack vectors and techniques used by cyber-criminals.
Ransomware is one of the oldest breeds of cyberattack, yet it’s also one of the most successful. The good news is that protecting yourself against it is simply a matter of preparation. The more you know and the more measures you take to protect your network, the less likely you’ll be to suffer an attack.