At first blush, many of us would see this article and immediately file it away in the back of our minds as yet another example of the pervasiveness and destructive nature of ransomware. To be honest, we would not be wrong to reach that conclusion, but I want to challenge you to read a little closer this morning. There is a small ray of hope in this article that can be easily overlooked. The governor of Louisiana is declaring a state of emergency because of these ransomware attacks, but he is doing so because the state of Louisiana has a plan!
The state of Louisiana has a Cybersecurity Commission and a well-defined, properly tested and well-funded incident response plan. They are prepared to respond to and address these ransomware outbreaks. Resources from state police, the Governor’s office of Homeland Security and the Louisiana National Guard are being coordinated and rallied to the cause of mitigating these attacks. That fact is both noteworthy and exciting. Preparation and proper incident response are absolutely vital components of any cybersecurity program. Far too often, organizations find themselves shocked, flat-footed and lost when ransomware strikes. But not in the Bayou State. Kudos to Louisiana for having a plan!
This has been ongoing for some time. This article provides a good overview of the plight facing the city of Baltimore. At the end of the day, the situation boils down to a cost-benefit analysis weighing the downtime associated with the ransomware attack against the cost of the bitcoin ransom itself. Then there is the added layer of whether it is prudent or legally advisable to pay a ransom of this type.
In these situations, it is important to remember the layers of protection needed to mitigate these types of attacks against any organization. You should have a strong, flexible endpoint protection solution in place capable of detecting a ransomware infection and stopping its spread. You should also have a sound backup and recovery solution in place with a frequent RPO (recovery point objective) and a very short RTO (recovery time objective).
Learn from this situation in Baltimore and prepare!
I continue to see more and more of these scare tactic emails arriving in the mailboxes of friends, customers, and colleagues. These are, admittedly, often well-crafted messages designed to play on the darkest fears of humanity, and they utilize some very basic techniques to build a sense of legitimacy.
This article provides a good overview of the attack/phish and hopefully will ease some concerns.
For all my friends at a financial institution, this article should cause you to pause and ponder for just a moment. Ransomware is not going anywhere. Advanced malware protection, user training, sound, tested backups and overall diligence are vital to safety and security.
Raise your hand if you were surprised by the finding in the report pointing to ransomware as the most significant and growing threat in the malware space. Not many hands up in the air. We all know ransomware is a serious and ever-evolving problem. It is time we ramp up our ITSec to head this threat off. Build reliable, tested and frequent backups. Segment your networks. Prepare!
This is a truly sobering report and points to the need for focused planning and preparation when considering cyber threats in critical industries. Hospitals can be viewed as microcosms of a larger threat. If critical infrastructure were significantly hampered due to an attack and the response were slow or inadequate, we could see injury and death on a truly massive scale at the local, regional or even national level.
Atlanta continues to struggle in the aftermath of their ransomware attack. The timing for the city is difficult in the wake of the NCAA basketball tournament. This article is interesting in that officials are speaking about the attackers. I look forward to more details down the road.