Imagine calling 911 because a friend or family member suddenly collapsed and has become unresponsive for no apparent reason. Intuition tells you that time is of the essence, and based on prior experience, the operator on the other end would quickly confirm that an ambulance is on its way.
But this time, the confirmation is long in coming. Unbeknownst to you, the computer-aided dispatch system — the one 911 staff use to coordinate efforts between telephone operators and dispatchers of ground personnel such as police officers, EMTs, and firefighters — has been rendered unusable by ransomware. As emergency workers resort to taking notes by hand and tracking emergency responders’ locations via paper logs and printed maps, your anxiety builds.
Unfortunately, some Americans don’t have to imagine such a nightmarish scenario because they experienced it for themselves. Nearly a year ago, the 911 dispatch center in Jackson County — among many other agencies and departments — went dark. And because the county had no backups to restore their network, and it would take months (and as much as $17 million) to build a new one and restore operations, officials paid hackers $400,000 for the decryption key that immediately set their IT systems free.
Jackson County ought to be thanking their lucky stars, because there have been many cybercriminals who received ransom payments in exchange for decryption keys that did not work. Not that such hackers could be trusted to be scrupulous to begin with — they tend to deploy malware that can spread indiscriminately so that they can get the maximum benefit with minimum effort.
Did you know?
Psychologists have posited that cybercriminals are disinhibited from doing reprehensible acts that cause pain and suffering because their victims are faceless, have no ability to retaliate, and are thus dehumanized.
It also doesn’t help that people judge the degree of harm caused by events such as cyberattacks based on their emotions. According to a study, people generally don’t emotionally connect as much with events that adversely affect large numbers of people as they do with smaller groups or individuals. This means the social consequences for large-scale hacks are paradoxically less severe than for those that target individuals, which adds to the disinhibition of cybercriminals.
They’ll even keep using the same strain of ransomware for as long as there are networks and systems that are vulnerable to it. Case in point: the IT team of Georgia’s Administrative Office of the Courts (AOC) found a Ryuk ransomware infection in its network — the same kind that wrought havoc upon Jackson County a few months prior — during a routine security assessment. That team, in coordination with the Georgia Technology Authority and many other state and federal agencies, took the affected network offline to prevent the infection from spreading.
Here’s what Georgians must do before, during, and after a ransomware attack
Before an attack happens, take these preventive measures:
- Always install the latest security patches and software updates for all your apps and operating systems as soon as these patches and updates become available.
- Use the latest malware detection programs.
- Implement advanced cybersecurity measures such as mobile device management (MDM) and identity and access management (IAM).
- Train personnel on cybersecurity best practices.
Since online threats are always evolving, the probability of being infected with ransomware despite your preventive measures keeps rising. Therefore, it is best to follow these procedures to prepare for ransomware attacks:
- Implement network monitoring schemes that look for both security vulnerabilities and actual infections.
- Create, implement, and test backup systems in case servers or entire networks have to be brought offline.
- Have fallback infrastructure ready for when you want to shift unaffected operations to new server environments and avoid yet-undiscovered infections in the existing infrastructure.
During a ransomware attack, do the following:
- Scour your network to determine the extent of the attack.
- Immediately bring affected systems offline to prevent the infection from spreading.
- Report the ransomware incident to the relevant government agencies, especially to the Federal Bureau of Investigation (FBI), as they can provide information that may prove useful in dealing with the attack.
- Completely remove the infection by doing a thorough wipe of your storage devices.
Here’s a nontechnical and unconventional step that’s worth trying: Have someone be the face of the victims of the attack. Appeal to the humanity of the hacker by showing that their fellow human beings suffer because of their actions, and they might just rescind their ransom demands as quickly as they made them.
Speaking of ransom demands, do not give in to them. There is no guarantee that paying the ransom will lead to the release of your systems. And even when hackers give decryption keys that work, you are essentially rewarding them for their criminal actions and inviting them to come back for repeat business. There may be extreme circumstances that make paying the ransom the only course of action left to take, but never do so out of panic. Exercise prudence by heeding cybersecurity experts and your stakeholders.
After the attack, take these steps:
- Use your backups to reinstall your systems. Do not use a System Restore point, as it may have a copy of the ransomware buried there.
- Assess systems for data breaches and notify all affected stakeholders in accordance with data regulations.
- Upgrade your cyber defenses with Athens Micro.
Ransomware remains an ever-present and dangerous threat to businesses and public agencies alike. Contact us to learn more about our comprehensive cybersecurity solutions.