It doesn’t take long – one accidental click on a phishing email and the next minute your entire network of workstations and laptops are encrypted. As a result, you’re now unable to access the data required to operate your county or city because you’ve just become the most recent victim of a Ransomware attack.
Unfortunately, this scenario has become commonplace – particularly among businesses and government entities.
Local TV station WBNS of Columbus recently reported that Licking County’s government computer system was forced to shut down all its computers and quarantine its network until a mass infection of more than 1,000 computer systems were scrubbed and returned to working order. In the meantime, the county was forced to utilize manual alternatives to operate all county services until the clean-up was complete.
Read Also: Could Your Entity Survive A Ransomware Attack?
Understanding the scope and ease of this type of infection is critical if you stand any chance of preventing one from infiltrating your network. Oftentimes, it starts with a phishing scam. A fraudulent email is sent out randomly to trick a user to open it and click on link or attachment. Another way scammers can gain access to your network is by embedding the malicious program into a seemingly harmless website. (That search for the award-winning mayonnaise recipe that you love so much suddenly doesn’t seem so innocent, does it?!)
In its Oct. 23 blog post, KnowBe4, a security company, reported that Doug Olenick at SCMagazine found a version of the Locky Ransomware infection.
After lying dormant for a few weeks, according to the report, the infection bounced back with a vengeance on Oct. 24 with 14 million Locky-laden emails being pumped out in just about half a day.
With 14 million infectious emails discovered in a half day can we even begin to imagine the number of infections that are sent into the wild over a month? What about a yearlong period?
To prevent your government entity from becoming victimized by cybercrime, we make our clients aware of several data protection best practices, including recommendations to:
- Segment your network to keep departments isolated from each other.
- Isolate and secure workstations that are used for online banking.
- Isolate (on a separate internet connection if possible) any law enforcement workstations that are used to investigate internet sites for malicious behavior.
- Implement employee training either by having in-house events, email updates or contracting to a third party service provider such as KnowBe4.
- Limit the user access rights to employees to only data that is required by them to complete their jobs.
- Use third party application to prevent the unauthorized installation of new applications to workstations and servers.
- Multiple layers of web and email filtering, sandboxing, black and white listing of internet URL sites maintained by a service organization.
- Workstation monitoring of virus detection applications are being updated routinely.
- Maintain a Disaster Recovery/Business Continuity plan that includes the testing of offsite data for accuracy and completeness while maintaining limited access to the data to avoid additional compromise.
There is no “single silver bullet” to protect your entity from a Ransomware infection, that’s why the best way to protect your entity’s data is to stay informed and to implement new and improved data security measures as they are released. Are you wondering whether you have the right protections in place? To learn more about Rea’s Secure Check service, which will provide you with a comprehensive review of your entity’s current security environment, email Rea & Associates.
By Travis Strong, CISA (Wooster, OH)