Cyber lessons for employers after the Atlanta ransomware attack
In late March 2018, the City of Atlanta was hit by a ransomware attack, a breach that crippled computer systems in a variety of critical areas and forced the shut down of numerous departments and organizations. While businesses were not the focus of the assault, employers should take note and ensure they have a robust cyber security strategy in place.
Generally, ransomware attacks come in three phases. In the first phase, hackers scan the internet for vulnerable servers with weak passwords or poor security protocols. Once a server is identified and hacked, invaders will next try to find its most valuable databases, files or email accounts. Phase three is the actual ransomware attack, which prevents users from accessing the server unless a ransom is paid. In the Atlanta case, attackers demanded six Bitcoin (or $50,000) to unlock the entire system.
Employers aiming to avoid this frightening scenario can take a few simple steps to make certain their networks are safe. To begin, companies should secure their management services on servers exposed to the outside world. Experts suggest using a virtual private network (VPN) to safeguard web traffic and provide an additional layer of protection against attack, an especially important step for remote workers accessing public Wi-Fi networks. Any network should have two-factor authentication enabled, which requires not only a password but another identifier - like a unique code generated by a mobile device - before the system can be entered.
Additionally, these networks must be continually updated to keep up with new attack methods hatched by cyber thieves. And while reconfigured security mechanisms are critical, it's just as vital to teach employees how to identify risky emails or choose a good password. For instance, longer passwords with special characters such as $, # or & are preferable to short passwords comprised of common phrases.
Should your network become compromised by a ransomware attack, most experts say to never pay the ransom, because there are no guarantees your files will be returned or the malware will even be removed. Employers facing this situation should immediately notify local police, FBI, and their insurance company. Once the authorities are involved, employers should follow the advice they receive from the experts. The insurance company likely will involve a highly-trained forensics team who will analyze the ransomware to determine if data is recoverable, as some ransomware may be decrypted with specialized tools. However, some ransomware assaults are designed so that not even the attacker is able to decrypt the files, whether or not the ransom is paid.
Regardless of the details, the Atlanta ransomware attack should be a warning sign for companies interested in protecting their online assets moving forward.
OPENonline is a trusted source for comprehensive background screenings. For more information, visit our website.