“I would’ve never dreamed this could’ve happened,” Lake City mayor Stephen Witt told his local news station, “especially in a small town like this.”
But that’s exactly where it’s happening.
Lake City is one of dozens of small towns across the country that have lately fallen victim to an onslaught of ransomware attacks unlike anything seen so far.
Ransomware attacks peaked in 2017 and then seemed to taper off a little. But since the start of this year, scores of local governments and health care providers have been crippled by attacks, many in the span of a few months. In fact, attacks on health care providers have never let up.
In many cases, investigators and IT professionals are still working to restore data, restart public services, and identify the “threat actors.” Some agencies paid hundreds of thousands of dollars to retrieve their data.
Here are six lessons we can learn from these attacks, each of which can improve your organization’s ability to survive, or better yet prevent, a ransomware attack.
Who Got Hit?
First, here’s a quick rundown of the most prominent attacks to hit the United States this summer:
Texas (August 19) — Public services were disrupted or shut down in 22 small towns across the Lone Star State in a single weekend. The perpetrators demanded a total of $2.5 million in ransom.
Louisiana (July 25) — A weekend attack on three school districts impelled the governor to declare a state of emergency.
Maryland & Florida (June) — The city of Baltimore and two small Florida cities were hit within the space of two weeks. One paid nearly half a million dollars in ransom.
Health Care Providers (June) — Five health care providers in Colorado, Utah, and other states were attacked just a week after another provider paid $75,000 for the release of its files and systems.
New York (April) — This was technically before summer, but it’s part of the trend. The state capital of Albany lost access to many public services and internal functions.
6 Things You Can Do Now
Many details about the attacks remain unknown or have not been made public. But what we do know reveals both vulnerabilities and precautions you can take to address them.
1. Bring in experts.
In nearly every case, the affected agencies and providers needed to call upon outside help to get them up and running again.
Cybersecurity is a constantly evolving cat-and-mouse game between attackers and defenders. A managed IT service provider (like PC Professional) has current and specialized knowledge that can be of great use to overwhelmed in-house IT departments.
A managed services provider can help you recover from a ransomware attack, but more importantly, can help you protect yourself before one happens.
2. Back up your data.
This may be the most fundamental lesson of all. Without backups, your critical data simply can’t be restored after a ransomware or other cyberattack. You can’t restore what doesn’t exist.
In general, follow the “3-2-1 rule” for making backups: three copies on two different media, with one of them stored offsite.
A hybrid backup system like Microsoft Azure makes frequent backups in multiple places, so there’s always a copy you can access.
3. Update your systems.
Local governments and school districts are easy targets because they’re often stuck with old computers and outdated software.
Old hardware and software make you more vulnerable to cyberattacks. Firewalls and anti-virus software quickly become ineffective against new and ever-changing threats. The same is true of computers, servers, and other hardware.
4. Consider a hybrid cloud infrastructure.
When all your servers and storage are at your office location, everything can be attacked and compromised quickly. This is the situation with many local governments.
A hybrid cloud infrastructure mixes on-site and off-site servers to ensure that some remain physically insulated from attacks.
This arrangement helps with restoring data after a cyberattack, natural disaster, or any type of outage. On-site backups help you get up and running more quickly, while off-site backups handle the full restore if local data is lost.
5. Have a comprehensive plan.
Ransomware spreads quickly, but not immediately. That means you could limit the damage if you have an incident response plan.
A Disaster Recovery Plan and Business Continuity Plan are also essential, and not just for cyberattacks. A natural disaster could destroy your equipment, disrupt Internet access, or shut down your power. Any of these could bring your operations to a halt.
Hybrid cloud backup provides some insurance for your technology. But your recovery and continuity plans need to encompass all aspects of your business.
6. Educate yourself.
All the best technology in the world won’t protect you unless the people in your organization understand the threat of cybercrime, how to recognize it, and how to respond. Indeed, most data breaches are traceable to inadvertent human error inside the organization.
The threat of ransomware and other cybercrime is very real and getting worse. You need an experienced IT services provider on your side.
PC Professional can train your team as well as fix your technology. Get in touch today to find out how.