You may have heard about the ransomware attack against the city of Atlanta at the end of March, which disrupted five of the city’s 13 local government departments for more than a week. The court system was inhibited, residents could not pay bills online, email communications were down — which hindered several requests related to sewer infrastructure issues — and the police department had to file paper reports for days. All this was caused by a common but notorious ransomware known as SamSam, and it could have been prevented if Atlanta had had a predictive business continuity strategy in place.
The attackers asked for approximately $52,000 in bitcoin currency, which the city hesitated to pay. Then, in a reversal, the attackers shut down their payment portal, and city officials ended up spending more than $2.6 million in emergency services to help recover the city’s data and get systems back up and running.
According to Wired magazine, “SamSam infiltrates by exploiting vulnerabilities or guessing weak passwords in a target's public-facing systems, and then uses mechanisms like the popular Mimikatz password discovery tool to start to gain control of a network.” This ransomware can exploit vulnerabilities in remote desktop protocols, Java-based web servers, File Transfer Protocol servers and other public network components.
Attackers deploying SamSam often target local governments, hospitals and health records firms, universities, and other organizations that store tons of sensitive personal data such as social security and driver’s license numbers, credit card information, and police records. These organizations are also frequently unprepared for an attack of this type, and many will prefer to pay the ransom rather than deal with the infections themselves.
In fact, the city of Atlanta had been notified of certain IT system vulnerabilities that needed attention. It’s a tough situation — IT departments in organizations of all types are stretched to their limit to meet the ever-increasing demands for business continuity. They’re tasked with delivering faster and better service to all departments while simultaneously controlling IT budgets, avoiding data loss and system downtime, and battling threats from cybercriminals.
Luckily, there are new, more flexible and powerful technologies that not only better protect the IT environment and accelerate system, application and data recovery, but also help you proactively avoid unplanned outages and data loss in the first place. The outcome: You will be better protected from a wide range of malware and ransomware, which will ultimately help reduce the risk of revenue loss, customer impact and business downtime.
Want to learn more about these technologies and how a predictive business continuity strategy can help you avert problems like ransomware attacks? ActualTech Media and Quest teamed up earlier in April to discuss how organizations can be more proactive in their infrastructure optimization and protection to mitigate the risk of downtime from disasters of all kinds. Check out the full on-demand webcast or download an executive summary of it to get ideas for implementing your own predictive business continuity strategy.