Another couple of articles recently hit the news, adding to the number of municipalities and local governments being hit by ransomware, as well as describing some of the fallout from these attacks. The biggest takeaway is that these ransomware attacks are, in most, if not all cases, the result of an employee clicking an attachment in an email and unleashing the malware onto the network. However, despite wanting to get rid of this “exposure”, we have to remember that the Human Factor will always play a role in these organizations. The best thing that we can do is to share the knowledge and learn from these errors.
On to the recent cases:
In Florida, now along with Riviera Beach and Jackson County, Key Biscayne joins the list of victims of some form of ransomware mistakenly introduced by a city worker. As with the other municipalities, Key Biscayne has to make the decision on whether they’re going to pay the ransom or go with other methods of recovering their systems. As we noted in the Riviera Beach case, they opted to pay out $600K in Bitcoin in order to make their problem go away and are now battling with their insurance provider to determine who is on the hook. Key Biscayne, with a population of only about 3,000 people versus Riviera Beach, which is home to more than 32,000, may have to weigh the pros and cons of their decision based on how much ransom is being demanded and whether the municipality has insurance coverage or not.
And, just prior to Key Biscayne, Lake City, Florida had to pay out $460K in ransom. In this case, apart from a $10K deductible, they are fortunate that insurance will cover the rest of the ransom. Although Lake City’s Mayor stated that he would typically agree with the FBI’s recommendation not to pay the hackers, it came down to the dollars and cents and representing what was the right thing to do for the citizens of the city, as a prolonged recovery would have cost the taxpayers more than just paying the ransom. Unfortunately, another outcome from that attack was that a city IT employee was terminated as they were deemed not to have done enough to protect the computer systems from an intrusion (although it was NOT the same person who had clicked on the malicious email). In our opinion, this is like firing the most valuable employee – the one who made the mistake that the city could learn from (assuming that he/she didn’t do this based on malice).
So, as we’re seeing more and more, these ransomware attacks on smaller municipalities are netting hackers a payday. Smaller cities are less likely to have adequate protections in place, are more price sensitive to the ransom that the hackers are demanding, and are also more likely to either pay the ransom or be lucky enough to have insurance coverage. This doesn’t bode well for being able to eradicate the value of ransomware to hackers any time soon, but it could be a learning experience for other municipalities if the information that these victims gained can be quickly shared with other organizations that find themselves in the same boat! As is the typical case, the attacks are a result of an employee clicking on an email attachment that they shouldn’t have. So, what is the best solution?
That’s where Wedge comes in! We know that the human factor will always be around in all organizations; it is just a matter of changing how we think and attack the problem. We have to be able to continuously take the knowledge we’ve gained from previous attacks and outcomes and use that in our fight against future attacks. The proactive “Detect and Block” mentality is key here. We know that employees will always be susceptible to being tricked into clicking links that they shouldn’t; but what if these emails never even reach the employees? With Wedge’s Advanced Malware Blocker, all advanced threats can be blocked BEFORE they reach their intended target. With Wedge’s patented Deep Content Inspection, combined with orchestrated industry best-of-breed malware heuristics and artificial intelligence / machine learning, we continually take knowledge from previously seen threats and attacks and use it in a way that now even never-before-seen threats can be detected and blocked. With WedgeAMB, we take away the possibility that an employee will unknowingly introduce malware into the network by removing that threat before they even see it. You can’t fire everyone, so at least put a proactive solution in place! For a FREE 90-day trial of this solution, contact our team at: firstname.lastname@example.org.