When Cyberattacks Force Organizations to Use Paper
Computers revolutionized the way we do business, to the point that reliance on computers is almost total for many organizations. This almost total reliance on computers, however, makes many organizations vulnerable to cyberattacks, such as ransomware attacks.
The recent ransomware attack on the City Hall of Del Rio, Texashighlights the downside of the digital age. The City Hall of Del Rio succumbed to a ransomware attack resulting in the “transactions at City Hall … being done manually with paper”, the City of Del Rio said in a statement.
The City of Del Rio said that its City Hall was attacked by a ransomware last January 10, which prompted the city’s IT department in disabling the city’s servers, the shutting off of the internet connection for all city departments and disallowing employees to log into the system.
Aside from the City of Del Rio, other organizations had also been sent back in time into the days of paper and pen, and for some revisiting those dusty typewriters.
The WannaCry ransomware, which infected hundreds of thousands of computers worldwide on May 12, 2017, forced the staff at the National Health Service (NHS) in the U.K. to return to the use of pen and paper. The ransomware attack on the town hall of the town of Matanuska-Susitna, Alaska in July 2018 forced the town staff to dust off typewriters and to use paper and pen.
Why Ransomware Could Send Organizations Back in Time?
Ransomware is a type of malicious software (malware) that’s meant to block access to a computer system or data until a ransom is paid.
Typical ransomware encrypts – the process of encoding information – all content in a computer, preventing the user access to the computer content and the files therein. The ransomware attacker or attackers inform the victim of this encryption through a notification on the computer screen, which also serves as a ransom note, telling the victim to pay ransom, typically in the form of a cryptocurrency like Bitcoin, to get the decryption key which would unlock (although not in all cases) the encrypted content.
Many ransomware programs have a worm-like capability, meaning these malicious software programs have the ability to spread itself within networks without user interaction.
Of the 3 cited ransomware attacks, only the ransomware attack on NHS is identified – the ransomware, in this case, is called WannaCry. To date, the ransomware programs that attacked the City of Del Rio and the town of Matanuska-Susitna remain unidentified.
The initial cause of infection of these 3 ransomware attacks is also unknown. How the ransomware infection spread to other computers or networks isn’t known in the ransomware attacks on the City of Del Rio and the town of Matanuska-Susitna.
The worm-like behavior of WannaCry ransomware is attributed to the exploitation of the security vulnerability in certain versions of Windows’ Server Message Block (SMB) – a feature in Windows operating systems that allows shared access to files and other resources on a network. Close to a month prior to the WannaCry attack, Microsoftissued a security update, fixing this security vulnerability.
Cybersecurity Best Practices
The devastation brought about by ransomware isn’t limited to loss of access to computer systems or files or the ransom payment. Ransomware attacks are sometimes used as a diversionary tactic in order to hide the real intention of the attackers, that is, to steal information or to conduct other cybercrimes.
Here are some cybersecurity best practices in order to prevent cyberattacks, including ransomware attacks, that could send your organization back in time into the days of using paper, pen and typewriter:
Exercise Email Hygiene
The top suspected cause of initial infection of the above-mentioned ransomware attacks is phishing. According to Statista, the number one delivery method causing ransomware infections as of 2nd quarter 2018 was phishing.
In a phishing attack, an email is used to stage a cyberattack. Emails used in phishing attacks are basically emails masquerading as coming from legitimate sources and containing malicious links or malicious attachments. Clicking these malicious links or downloading these malicious attachments could lead to the installation of a malware.
Here are some recommendations in order to prevent ransomware attacks via phishing:
- Train your staff to be extra vigilant in opening emails, clicking links and downloading attachments
- Use a security tool that also includes advanced anti-spam filter features
- Configure firewalls to block access to known malicious IP addresses
- Apply the principle of least privilege – the practice of granting privileges on computers based on users’ job necessities. To prevent ransomware attacks and other forms of cyberattacks, limit the ability to install and run software applications to trained and skilled staff and limit it to the staff at the IT department.
Keep All Software Up-to-Date
In the case of WannaCry ransomware, the identified cause of the spread of the malware was the failure of the users of specific Windows operating systems to install Microsoft’s March 14, 2017 security update. Outdated software, such as an outdated operating system, is often the target of many ransomware attacks.
Practice Network Segmentation
One of the main reasons that victims of ransomware attacks are forced to go back in time into the days of using paper, pen and even typewriter is that many organizations fail to implement network segmentation. In network segmentation, an organization’s network is divided into subnetworks, each subnetwork serving a different purpose.
A ransomware infection can quickly spread in an unsegmented network, given that many ransomware programs exhibit worm-like behavior, the ability to self-replicate to spread to uninfected computers within the network.
Network segmentation is one of the effective means of containing an infection within a particular subnetwork, enabling the other subnetworks to continue functioning.
Out network and support engineers can help you solve most complex problems and help prevent ransomware infection, fast. Contact ustoday for a free consultation and protect your business.