After Atlanta SamSam Ransomware Attack, Learn How to Better Protect your Agency

Another day, another government ransomware victim. On March 22nd, 2018, the city of Atlanta found itself locked out of computers across government offices and facing a ransom demand of $51,000 or $6,800 per computer, GCN reported.

The attack affected internal systems and citizen-facing apps that residents use to pay bills and access court-related information. The city is working with the FBI, Department of Homeland Security, and Microsoft and Cisco’s cyber response teams to understand the impact and determine whether computers can be unlocked.

Fortunately, Atlanta’s cloud-first strategy saw many of its critical systems hosted on another infrastructure “…that is more secure and clean,” said Interim CIO, Daphne Rackley.

The attack on Atlanta is nothing new. WannaCry, which first reared its ugly head in May of last year, is still wreaking havoc on government systems. In February 2018, it made its way onto 160 computers across Connecticut government agencies. Other government victims include the Sheriff’s Office of Carroll County, AK; Montgomery County, AL; and Mecklenburg County, NC.

But even cloud-hosted systems aren’t infallible. As we reported here, new ransomware variants contain code that can attack unmapped network drives and even cloud-stored assets that aren’t in your average backup routines.

What else is new in the world of ransomware? DLT partner, McAfee, has the worrying scoop:

Ransomware is skyrocketing. McAfee saw a 59% increase in ransomware in 2017.

Paying the ransom isn’t always a good idea. Only half of all victims who pay up actually recover their files.

A ransomware marketplace offering off-the-shelf malware has emerged. Would-be ransomware thieves don’t have to be tech-savvy anymore and can buy malware on the dark web, generating profit for developers, who can also demand a cut of the ransom proceeds.

Mobile is the next lucrative target. Thieves are now setting their sights on the massive and profitable mobile market. The DoubleLocker strain aimed at Android both encrypted user data and changed PIN codes.

Pseudo ransomware is on the rise. New malware that uses ransomware as a cover, such as NotPetya, can do even more damage and can spread without tricking users into downloading it, evading traditional detection techniques.

What can you do to protect your government agency or organization against ransomware? Follow these tips:

Keep current on the latest threats, so you know what to look out for.

Familiarize yourself with decryption tools.

Back up your data, both in the cloud and on an external hard drive.

Ensure your security systems are up-to-date and patched.

Go beyond signature-based endpoint protection, which is inadequate at detecting ransomware before it strikes, by using a solution that relies on indicators of attack (IOAs) to identify and block even unknown ransomware in the early stages of an attack, before the damage is done.