County, a county east of Columbus, Ohio, recently experienced a bad ransomware attack on its IT systems. Ransomware is a specialized virus that encrypts files—making them nearly
impossible to access unless you pay criminals a ransom. Cybercriminals use
ransomware to extort money in return for unlocking your files. Many
organizations pay the ransom despite the FBI and other law enforcement agencies
recommending against it.
Licking County managed to mostly survive the attack based on implementing some
important best practices. Let’s look at the good, bad, and ugly of this
situation to extract some important lessons.
difference between getting crippled and devastated by a ransomware attack
versus surviving it relatively unscathed all comes down to data backups.
Licking County ended up losing only about one day’s worth of data for most
systems. Another county referenced in the article ended up paying a ransom of
$2,500 to cybercriminals because they did not invest in data backup.
To stop the
spread of the ransomware, Licking County shut down its network. Clearly, the
county had a plan in place and enacted it when the ransomware virus hit. By
planning ahead, they were best prepared for what to do to keep the virus contained
and to minimize impact.
As part of
its disaster recovery plan, the county rebuilt its systems based on the highest
priority data first. The article references data such as “servers that house
felony-case tracking for the prosecutor's office and the auditor's
property-records database.” Any disaster recovery plan needs to have a clear
plan as to how data will be restored—and in what order of priority.
County is a big county and so it needs to reformat about 1,000 computers as
part of its rebuild. That takes a lot of time. Even smaller organizations will
need to spend significant time rebuilding servers and reformatting computers.
the costs of billable IT time and possibly enhancing networking equipment and cyber
protection software can present a big hit to your budget. Indirectly, lost
productivity wastes expensive employee salaries and potentially delays major
projects when time is ticking.
disaster, a crippled government entity will not be able to serve citizens at
full capacity. The mission of government gets impacted when ransomware hits. County Commissioner Tim Bubb says, “We have lost a large part of our
focus on serving the people of Licking County. What price do you put on
A Columbus Dispatch article mentions that the county needs to shore up its “firewall and
network connections.” An improperly configured firewall can leave ports open
that allow hackers to easily gain access to servers and steal information. Setup
of switches, routers, and other networking equipment also impacts security.
The same article mentions that the county needs to
encourage employees to change passwords more frequently. In a recent blog post, we said, “The longer a password is
in use, the more likely that hackers will be able to crack it. The more you
change passwords, the more difficult you make a hacker’s job.”
An article published in the Newark Advocate the day after the incident stated
“...the 911 Center has been operating in manual mode since late Tuesday night.
The 911 Center phones and radios work, but dispatchers do not have access to
their computers. The public can still call 911 for emergency police, fire or
completely shut down, any impact to 911 or other critical emergency services
can literally affect lives in the wake of a ransomware attack.
One of the
biggest cybersecurity threats is people. No matter how great your data
backups, antivirus, firewalls, and security measures, hackers and
cybercriminals still often break into a government entity through people
clicking on suspicious websites and email attachments.
paragraph in the Columbus Dispatch story:
Fairfield County started working last
year to tighten procedures to guard against the type of cyberattack that
occurred in Licking County, said Fairfield County IT Administrator Randy
Carter. He said he was dismayed when he sent a test phishing email to county
employees in September and more than 25 percent clicked on it. Carter plans to
provide training to employees on what emails to avoid.
One in four people got fooled by these dangerous emails. Each click on one of
these emails opens you up to the threat of a virus or ransomware.
grow more numerous and targeted. Government entities are ripe for these
attacks. That includes cities.
If you need
help protecting yourself from a ransomware attack, reach out to us today.
Our Focus | Products | Resources | Company | Contact | Sitemap | Login
© 2009-2017 Mimsware Corporation, all rights reserved. Sophicity®, "We put the IT in City”, and the Sophicity logo are registered trademarks of Mimsware Corporation d/b/a Sophicity.