It was announced on August 16th that 22 Texas cities were attacked and infected with ransomware, rendering many of their municipal IT systems unavailable to conduct daily business. The mayor of one of these cities has said the ransom request was $2.5 million to unlock their files. The Texas Department of Information Resources believes this was a coordinated attack by a single threat actor. Source: https://dir.texas.gov/View-About-DIR/Article-Detail.aspx?id=209
We will likely get more details about how these networks were infected, but this incident should be a reminder to continually evaluate your cyber security risks and follow best practices to ensure your business or financial institution is protected.
Below are a few comments and recommendations to consider as you examine your cyber security posture.
You don't have to be a big business to be a target
We've seen an increasing number of cyber attacks and ransomware infections directed toward small businesses where the bad actors see them as "low hanging fruit" with limited cyber security defenses. The cities listed in the recent news articles about this event are relatively small - less than 10,000 residents.
Most of these attacks rely on email phishing to gain access
A good email filtering solution is a good start, but on-going employee training and testing is critical to help them recognize potentially malicious emails. There are several tools availalble like the Tandem Phishing solution (https://tandem.app/phishing-security-awareness-software) to help design and implement a phishing plan.
Traditional Anti-Virus solutions are not good enough
Many small businesses are still relying on traditional signature-based AV solutions. These products are not sufficient to protect against the latest malware. New products such as CylancePROTECT are more effective for stopping attacks by using machine learning instead of a bulky signature database.
Monitor your network
Our IT environments are under constant attack from bad actors around the world. This is an unfortunate fact of life today. An effective monitoring solution like CoNetrix Network Threat Protection is one of the security layers that every business should implement to help identify these attacks, and help them react quickly to prevent or limit potential damage.
Incident Response is important
While we apply controls to protect against incidents, it is important to have a plan in the event of an incident occurs. If you have a documented Incident Response plan, great! Now take that IR plan to the next level by regularly conducting table top exercises and penetration testing to validate and improve it.
Backups should be a last resort
Ideally, if several security layers are in place then restoring from a backup won't be needed. However to ensure your backup is safe from being encrypted by ransomware it should be "air gapped" from the primary network. This means the backup data should be offline or not directly accessible for the malware to encrypt. Historically this has been done using removable media like tapes, but today it is much more efficient and cost-effective to use a cloud backup service. Many of these services (like CoNetrix AspireRecovery) provide a cloud backup with an option for disaster recovery services.
No enterprise has to be a victim to ransomware. With proper planning and intentional practice, you CAN protect your network. While there is an investment associated with implementing appropriate controls and practices, the return on investment is well worth it if you protect against just one attack, not to mention the peace of mind you gain.
Contact CoNetrix Sales if you would like more information about protecting your network.