Avoiding the Ransomware Mistakes that Crippled Atlanta

Last month, five of Atlanta's 13 government offices were "hijacked," as the city's mayor put it, by ransomware that disrupted far-reaching facets of the city’s digital infrastructure. From the courts to the police department to public works, government activity was essentially frozen as the hackers gave the city a week to pay the ransom – roughly $50,000 worth of bitcoin – or have critical data and processes deleted permanently.

While the event was eye-catching for several reasons, it's hardly an isolated incident. From Dallas to Denver, hackers leveraging ransomware not unlike the program that hit Atlanta have been able to "hijack" municipal networks largely because these entities were poorly protected.

It didn't take long for security teams to identify the virus in use – SAMSAM – or recognize and partially thwart the attackers' tactics. In fact, when word of the event spread around the cybersecurity community, the portal that the Atlanta hackers had opened to receive their ransom – complete with a countdown clock – was flooded with messages from hackers and cybersecurity pros alike, causing the hackers to take the channel down.

But what made Atlanta such an easy target – even for a relatively common form of ransomware – was its incredibly outdated use of technology in the broader sense. Old computers running on non-supported platforms, for instance, are a characteristic of many municipal operations, as most major cities support such a vast IT operation that updating every digital asset is time and cost prohibitive. This means that cyber vulnerabilities run rampant in local government, threatening the physical and intangible structures that hold society together.

Local governments typically have thousands of connected devices and many mobile employees who frequently connect and disconnect from the city’s network. If there aren’t security solutions in place that can secure these types of borderless networks, all it takes is one municipal employee to bring an infected device onto the city’s network to put the personal information of thousands at risk.

Common Sense Tactics Go a Long Way

Security teams working on any network – whether for a municipality or an enterprise – need to first assure that all the operating systems, platforms and devices using it are still receiving regular updates and support. For instance, Microsoft employs end-of-life support cycles for iterations of each of its operating systems. Mainstream support for Windows Vista and Windows 7 both expired years ago, with extended support for Windows 7 set to expire come January 2020, while Vista users were turned off in April 2017.

Because municipalities are notorious for employing technologies long after they were originally marketed, there are no doubt platforms running on most of these networks that haven’t adapted to the increasingly rampant threat landscape.

It’s also important that the cybersecurity tools that teams use to protect their devices deliver equal and effective protection across all the platforms and device types that populate the network. If the secure web gateway product a team uses to vet traffic entering the network doesn’t deliver feature parity for both new and legacy technology, it’s virtually ineffective, as hackers only need to find one vulnerability to get past the network perimeter and wreak widespread havoc.

Most importantly, teams need to be sure they are backing up their data, encrypting their traffic and isolating their encryption keys in environments that outside parties can’t access. This is easier said than done, but by turning to trusted data backup providers and established encryption methodologies like SSL (as opposed to proprietary products/methods that haven’t been proven on the market), you can rest easy knowing these tools receive regular updates and patches in kind.