We are living in a time where ransomware is so prolific and dangerous. Opportunistic hackers find new and devious ways to infiltrate systems and seize data and applications to collect a bounty. Recent reports demonstrate that, with one finding that 89% of organizations had been the target of one.
What’s even more alarming is that ransomware is now a threat to public safety, as cities, transportation operations, and healthcare are at the receiving end of these attacks. Ransomware is no longer some abstract thing that’s flying under the radar. To illustrate the mainstream threat that ransomware is now, let’s look at the recent Dallas cyber incident.
The City of Dallas Experiences Major Ransomware Attack
On May 3, the city of Dallas, Texas, was in the headlines for all the wrong reasons. They were the victim of a ransomware attack that crippled the city’s operations, including problems with residents using various online services. Additionally, libraries were offline, and the police department could not access some data. Municipal courts were also unable to hold hearings.
The attack considerably affected the city and its citizens, and returning to normal was a long process to achieve complete restoration. Cleaning up after a ransomware attack is messy and complicated. There are a lot of practices and steps that must be initiated and completed to recover fully.
City officials did not comment on if they paid a ransom. Instead, they said they were working with the FBI to investigate the crime. Additionally, they issued a statement that they had no knowledge of a data breach or leak, although the possible culprit behind the attack, Royal, threatened to release personal information.
The officials did share some information about what happened on May 3. After they became aware of the compromise, they proactively took other systems offline to prevent the spread. Prevention of ransomware attacks is a challenge for any cyber team, and public entities like cities don’t always have the funding and resources to be as cyber secure as some private companies.
Unfortunately, this isn’t the only entity dealing with ransomware threatening public safety. Just days ago, a U.S. cancer center experienced an attack, which limited its care capabilities. The TimisoaraHackerTeam (THT) claimed credit for this, and the U.S. Department of Health & Human Services (HHS) issued a notification about this group just days before the latest attack.
Transportation has also become an attractive target for cybercriminals. Washington state public bus systems acknowledged a ransomware attack on February 14, 2023, which disrupted some systems.
While most hackers are looking for a payday, there’s also the emerging concern over hacktivists causing havoc on infrastructure. The conflict between Ukraine and Russia has been a hotbed for such activity.
The potential to harm the public is significant in a digital world where we depend on systems to facilitate our everyday lives, from riding the subway to receiving care.
Is there any surefire way to prevent these attacks? There’s not one single path, strategy, or approach that will quell every ransomware attack. They are too complicated and prevalent. What matters the most is being proactive.
The Proactive Approach to Preventing Ransomware Attacks
If you want to protect your organization from ransomware, you have to transition to a proactive stance. Live with the fact that it’s when, not if, such an incident will occur. If you do, it changes how you see the threat landscape. It’s a strategy and mindset shift. Here are some elements that support this change.
- Back up everything and keep these backups in a different location than your primary servers.
- Leverage AI tools and human intelligence to monitor and identify anomalies.
- Encrypt data while in transit and at rest.
- Improve endpoint security and know all the assets on your network.
- Scan email to minimize the number of phishing scams that make it to a user’s inbox.
- Create a culture of security where every person has responsibility and accountability.
- Ensure every application on your network receives automatic updates and patches.
- Develop strict access management policies based on zero trust architecture.
- Test your disaster recovery and business continuity plans at least four times a year.
- Hire an outside firm to conduct pen testing at least twice a year.
All these things put you in a good position to stop ransomware attacks. However, don’t forget about the people and their potential to either be a strength or a weakness. Ransomware is often the consequence of a breach of access or infection through phishing, so training for all staff is imperative, along with other controls.
You also need to develop your cyber team to be just as nimble as hackers when launching attacks. This may be the most challenging aspect of a proactive approach. They need to emerge from black-and-white thinking to consider all the possibilities. They need to be reflective, communicative, and collaborative. With these transformations and a robust, proactive strategy, you may elude cybercriminals and become much more agile than hackers.
