The Atlanta Ransomware Attack Wasn’t as Bad as We Thought – It’s Worse

When the news broke about the massive ransomware attack on the city of Atlanta, the details seemed dire yet murky – we knew about court dates getting rescheduled, city job applications getting frozen, and computer systems going down for nearly a week. As the rubble began to clear, a clearer picture emerged of the damage that the “SamSam” attack inflicted on the city:

In a nutshell:

  • The city’s police department reported that most of its video evidence (mostly dashcam videos) has been lost.
  • More than 140 separate applications were totally or partially disabled by the attack (nearly 30 percent of the affected programs were “mission critical”).
  • After an initial estimated cost of $2 million, the city will need an additional $9.5 million to recover.

These stats reinforce why city governments are such an appealing target for cyber-criminals: the potential for tangible disruption, access to citizens’ sensitive information, and consistently weak preparedness. It is highly likely that we haven’t seen the end of such attacks on cities.

Unless cities do something about it.

Right now, the vast majority of organizations – public and private – lack a consolidated, comprehensive security architecture that covers cloud and mobile, and instead rely on reactive threat detection that only works after the damage has been done. Based on our research, only three percent of organizations run cloud and mobile protections as part of a proactive, prevention-first security system.

Beyond protecting against modern, fifth-generation cyber attacks, the basics still matter: Atlanta was hit through an unpatched server vulnerability. Best practices such as timely patching go a long way toward preventing the next major cyber attack. Here are several steps you can take to improve your organization’s security:


Know your infrastructure like the back of your hand

IT environments are complex and expansive, spanning desktops, laptops, mobile and IoT devices, servers and the cloud. Familiarize yourself with the access points and the crown jewels, and be mindful of how much and what kind of information your systems store.

Whether it’s user authentication and provisioning, administrator access, infrastructure data protection or continuity of operations, every detail in your environment can become a vulnerability.


Assume that you’ve already been compromised

Vulnerabilities are hot commodities on the Dark Web; cyber criminals may already have bought what they need to get inside. Act like an immune system: segment your network and monitor your internal traffic for infections moving laterally from system to system.
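The two recommendations above (know your segments and crown jewels; watch for lateral movement between them) can be turned into a concrete check. The following Python script is an added example, not code from the original post or from Check Point. It takes a constructed asset inventory with segment and criticality labels, a segmentation policy, and a handful of constructed flow-log lines, and reports (a) flows that cross a segment boundary the policy does not allow and (b) any source that fans out to several hosts on remote-administration ports within a short window, the pattern a ransomware operator leaves while spreading. All hostnames, segment names, ports, log format, thresholds and the window are assumptions chosen for the example.

```python
"""Lateral-movement and segmentation checks over flow logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Ports used for remote execution and file access (RPC, SMB, RDP, WinRM).
# Lateral movement usually rides on one of these. Assumed set for the example.
ADMIN_PORTS = {135, 445, 3389, 5985, 5986}
FANOUT_THRESHOLD = 3                    # distinct admin-port targets from one source ...
FANOUT_WINDOW = timedelta(minutes=10)   # ... within this window triggers an alert

# Constructed asset inventory: host -> (segment, criticality). Hypothetical names.
INVENTORY = {
    "ws-101": ("workstations", "standard"),
    "ws-102": ("workstations", "standard"),
    "ws-103": ("workstations", "standard"),
    "ws-104": ("workstations", "standard"),
    "fs-evidence-01": ("evidence-storage", "critical"),
    "db-hr-01": ("hr-servers", "critical"),
    "web-portal-01": ("dmz", "critical"),
}

# Segmentation policy: destination segments each source segment may reach.
POLICY = {
    "workstations": {"workstations", "dmz"},
    "dmz": {"dmz"},
    "hr-servers": {"hr-servers"},
    "evidence-storage": {"evidence-storage"},
}

# Constructed flow-log lines (not real data from the Atlanta incident).
SAMPLE_LOG = """\
2018-03-22T02:01:10 src=ws-101 dst=web-portal-01 dport=443
2018-03-22T02:03:42 src=ws-101 dst=ws-102 dport=445
2018-03-22T02:04:07 src=ws-101 dst=ws-103 dport=445
2018-03-22T02:05:51 src=ws-101 dst=ws-104 dport=3389
2018-03-22T02:07:30 src=ws-101 dst=fs-evidence-01 dport=445
2018-03-22T02:09:12 src=ws-101 dst=db-hr-01 dport=3389
2018-03-22T09:15:00 src=ws-102 dst=web-portal-01 dport=443
2018-03-22T09:16:00 src=web-portal-01 dst=db-hr-01 dport=1433
"""


def parse_log(text):
    """Parse 'timestamp src=... dst=... dport=...' lines into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        events.append({"ts": datetime.fromisoformat(ts), "src": rec["src"],
                       "dst": rec["dst"], "dport": int(rec["dport"])})
    return events


def segment_of(host):
    # Hosts missing from the inventory land in an 'unknown' segment that no
    # policy entry allows, so every flow touching them is surfaced.
    return INVENTORY.get(host, ("unknown", "unknown"))[0]


def segmentation_violations(events):
    """Flows crossing a segment boundary the policy does not permit."""
    findings = []
    for e in events:
        src_seg, dst_seg = segment_of(e["src"]), segment_of(e["dst"])
        if dst_seg not in POLICY.get(src_seg, set()):
            tier = INVENTORY.get(e["dst"], ("unknown", "unknown"))[1]
            findings.append((e["ts"].isoformat(), e["src"], e["dst"], e["dport"], tier))
    return findings


def fanout_alerts(events, threshold=FANOUT_THRESHOLD, window=FANOUT_WINDOW):
    """Sources reaching >= threshold distinct hosts on admin ports inside one window."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["dport"] in ADMIN_PORTS:
            by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        for i, first in enumerate(evs):           # slide the window over each start point
            targets = {x["dst"] for x in evs[i:] if x["ts"] - first["ts"] <= window}
            if len(targets) >= threshold:
                alerts[src] = sorted(targets)
                break
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for v in segmentation_violations(evs):
        print("SEGMENTATION VIOLATION", v)
    for src, targets in fanout_alerts(evs).items():
        print("LATERAL FAN-OUT", src, "->", targets)
```

On the sample data the script flags ws-101 reaching the evidence file server and the HR database (both outside the workstation segment's allowed set, both tagged critical), the DMZ portal reaching the HR database, and ws-101 fanning out to five hosts on SMB/RDP within ten minutes. The inventory is what makes the second finding actionable: without segment and criticality labels, a list of violating flows says nothing about which crown jewel is in reach.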


Hackers aren’t your only threats

Human errors, faulty backups, and social engineering (phishing attacks, for example) can cause just as much damage as a cutting-edge, polymorphic Gen V attack on your network.

With these best practices in mind, and with the right protections against the modern-day, multi-vector Gen V attack, your organization can go a long way toward avoiding becoming the next major news story. Preventing cyber-attacks before they happen is far more effective than detecting and repairing the damage after the fact.

Learn more about Check Point Infinity.