Atlanta Ransomware Attack: Lessons Learned for Your Business

On Thursday, Atlanta Mayor Keisha Lance Bottoms announced at a press briefing that the City of Atlanta’s computer network had fallen victim to a ransomware attack that has encrypted some of the city’s data. Attackers are demanding 0.8 bitcoin (roughly $6,800) per computer or six bitcoin ($50,000) for keys to unlock the entire system.

In light of these developments, ESET offers the following recommendations to keep your business secure from ransomware attacks.

How Does Ransomware Work?
In many cases, ransomware attacks follow a series of similar tactics when affecting businesses:

  • Phase 1: Gain access. Attackers scan the internet for vulnerable servers, often attacking weak passwords on servers that expose the Microsoft Remote Desktop Protocol service to the internet. These operations are usually not targeted against one organization — they cast a wide net.
  • Phase 2: Observe. Attackers explore the network surrounding the hacked server and move laterally in the environment to understand where they are and what resources can be compromised (databases, email servers, file servers, etc.).
  • Phase 3: Attack. The attackers deploy ransomware on all the relevant compromised assets at the same time and demand a ransom that can be adjusted based on the type of organization they attacked. The larger the organization, the higher the ransom.
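Phase 1 leaves a recognizable trace on the server being attacked. The sketch below is an added example, not ESET's code: it flags a source address that produces a burst of failed remote logons and then a successful one. The comma-separated record layout, the threshold and the sample records are assumptions made for illustration; the event IDs and logon types are the standard Windows Security log values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type,
# source IP, account. 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is how
# failed RDP logons appear when Network Level Authentication is enabled.
SAMPLE = """\
2018-03-22T02:10:01,4625,3,203.0.113.50,administrator
2018-03-22T02:10:03,4625,3,203.0.113.50,administrator
2018-03-22T02:10:05,4625,3,203.0.113.50,admin
2018-03-22T02:10:08,4625,3,203.0.113.50,admin
2018-03-22T02:10:11,4625,3,203.0.113.50,backup
2018-03-22T02:10:14,4625,3,203.0.113.50,backup
2018-03-22T02:10:20,4624,10,203.0.113.50,backup
2018-03-22T08:00:00,4625,2,-,jsmith
2018-03-22T08:59:40,4625,10,198.51.100.7,jsmith
2018-03-22T09:00:05,4624,10,198.51.100.7,jsmith
"""

REMOTE_TYPES = {"3", "10"}  # ignore console (type 2) and other local logons

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip, user

def find_guessing(text, threshold=5, window=timedelta(minutes=10)):
    """Map source IP -> peak failures inside the window, plus the first
    account that logged on successfully from that IP after the burst."""
    failures = defaultdict(list)
    findings = {}
    for ts, event_id, logon_type, ip, user in sorted(parse(text)):
        if logon_type not in REMOTE_TYPES:
            continue
        if event_id == "4625":
            # Keep only failures still inside the sliding window.
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                hit = findings.setdefault(ip, {"failures": 0, "logon_after_burst": None})
                hit["failures"] = max(hit["failures"], len(failures[ip]))
        elif event_id == "4624" and ip in findings:
            if findings[ip]["logon_after_burst"] is None:
                findings[ip]["logon_after_burst"] = user
    return findings

if __name__ == "__main__":
    print(find_guessing(SAMPLE))
```

A finding with an account in `logon_after_burst` means a password was likely guessed, so that account and host should be treated as compromised before the later phases can play out.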

What Should Companies Do to Stay Secure?
ESET recommends a few easy steps to stay secure from ransomware attacks:

  • Secure any management services on servers exposed to the outside world. Use a virtual private network (VPN), which secures your web traffic and is especially important for remote workers who may be using public WiFi networks. Enable two-factor authentication, an extra layer of security that not only requires a password (which may have been compromised), but also another identifier (such as a unique code generated on your mobile device). For more detail on two-factor authentication, backup and other security must-haves, watch our webinar “Beyond Endpoint Protection.” Lastly, we recommend running multilayered endpoint protection wherever possible to protect your devices.
  • Keep offline backups. This is the only sure way to mitigate a ransomware infection.
  • Do not pay any ransom. ESET never recommends paying a ransom because there is no guarantee your files will be returned to you or that the malware will be removed. Careful analysis of the ransomware must be done to determine whether or not the data can be technically recovered. Some ransomware has poor cryptography implementations, allowing decryption with specialized tools. However, in other cases, ransomware attacks are built so that even the attacker is not able to decrypt the files, regardless of a ransom being paid or not.

Next, get the latest updates on ransomware and how to best protect your business from this increasingly common threat. Watch our webinar, "Ransomware Today: What's New, What's Coming Next."

ESET has cleaning tools, including some ransomware decryptors, available to help you find and repair the damage inflicted in the latest attacks. Find them here.