Albany Ransomware

How Did The City Of Albany Get Hacked?

Mayor Kathy Sheehan tweeted on Saturday, March 30th that the City of Albany experienced a ransomware cyberattack. Ransomware is a common exploit that hackers use to steal confidential information for a profit. The attack locked the City’s computer files and demanded a ransom to release them. The City is now trying to assess the damage caused by the data compromise.

What Is Ransomware?

Ransomware is a type of malicious software (malware) designed to deny access to a computer system or data until a ransom is paid. It’s the most frequently used form of malware today.

The U.S. National Cybersecurity and Communications Integration Center (NCCIC) has observed an increase in ransomware attacks around the world. Ransomware has infected and paralyzed hundreds of thousands of organizations, and it costs businesses more than $75 billion each year.

How Is Ransomware Spread?

Ransomware typically spreads through phishing emails or through visits to an infected website. Phishing emails are designed to appear as though they have been sent from a legitimate organization or known individual. They entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer is infected with malware.

Ransomware viruses come in many forms, including:

  • Wanna
  • Petya
  • NotPetya
  • Crypto
  • Bad Rabbit
  • Locky
  • Eternal Blue
  • And many others.

Should We Pay The Ransom?

Any business or organization can be affected by ransomware. All it takes is for an unsuspecting user to click on a malicious link in a phishing email that contains a computer virus.

Malicious software will lock down your computer files unless you agree to pay the ransom in bitcoin. However, the FBI says that you shouldn’t pay the ransom. There’s no guarantee that you’ll recover your files if you do.

What Should We Do To Protect Our Business From Ransomware?

The best way to protect your business is to prevent ransomware from landing on your computers in the first place. Along with this, you must provide Security Awareness Training for your users so they know how to avoid being tricked by phishing emails that contain malware.

The NCCIC recommends that you take these precautions to protect users against the threat of ransomware. This is a long list of things to do, and you may need help from your IT professional, but it’s worth taking the time and effort to complete.

  • Update software and operating systems with the latest patches. Outdated applications and operating systems are the targets of most attacks.
  • Never click on links or open attachments in unsolicited emails.
  • Back up data daily. Keep it on a separate device and also store it offline.
  • Restrict users’ permissions to install and run software applications and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through your IT network.
  • Use application whitelisting to allow only approved programs to run on a network.
  • Secure your email. Enable strong spam filters to prevent phishing emails from reaching your end users and authenticate inbound email to prevent email spoofing.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Arrange for network assessments to detect all security gaps in your network.
  • Set up a Virtual Private Network (VPN) to detect any IT assets that are vulnerable.
  • Implement Endpoint Protection.
  • Employ sandboxing to sequester any malicious files.
  • Establish Intrusion Protection System (IPS) policies to prevent malware from spreading to other LANs.
  • Ensure that any infected network is automatically isolated until the infection is eradicated.
  • Segment LANs using VLANs (Virtual Local Area Networks) and connect them all to your next-generation firewall.
  • Apply critical updates. An automated service can ensure that your updates and patches are applied. This will help to protect your computers and IT network from the latest ransomware and other cyber threats.
  • Always use secure passwords. You can teach your employees to use secure passwords, but they won’t always do so. You also need to implement password security policies that limit user access and set screen timeouts.
  • Configure firewalls to block access to known malicious IP addresses. Use a modern, high-performing next-generation firewall, IPS and sandboxing solutions.
  • Follow safe practices when browsing the Internet.
  • Read and follow the Security Tips from the US-CERT (United States Computer Emergency Readiness Team).
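
To illustrate the two email precautions in the list above (authenticating inbound email and filtering executable files), here is an added Python example; it is not code from the NCCIC or from this article. The gateway name mx.example.org, the extension blocklist, the function names and the sample message are all assumptions made for the illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
# Assumed blocklist for this example; extend it to match your own mail policy.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar", ".lnk"}

def auth_results(msg, authserv_id):
    """Collect spf/dkim/dmarc verdicts stamped by our own gateway (RFC 8601 header)."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        value = str(header)
        # Ignore headers naming another authserv-id: the sender can forge those.
        if value.split(";", 1)[0].strip().lower() != authserv_id.lower():
            continue
        for method, verdict in re.findall(r"(?<![\w.])(spf|dkim|dmarc)=(\w+)", value, re.I):
            results[method.lower()] = verdict.lower()
    return results

def risky_attachments(msg):
    """Flag attachments by final extension, then by the Windows executable magic bytes."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in BLOCKED_EXT:
            hits.append(f"{name}: blocked extension {ext}")
        elif payload[:2] == b"MZ":
            hits.append(f"{name}: executable content behind a harmless name")
    return hits

def verdict(raw, authserv_id="mx.example.org"):
    """Return ('deliver' | 'quarantine', reasons) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    dmarc = auth_results(msg, authserv_id).get("dmarc", "missing")
    reasons = [] if dmarc == "pass" else [f"dmarc={dmarc}"]
    reasons += risky_attachments(msg)
    return ("quarantine" if reasons else "deliver"), reasons

def build_sample(dmarc="fail", with_attachments=True):
    """Constructed message for the demo; every address and hostname is made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "clerk@example.org", "Invoice"
    m["Authentication-Results"] = f"mx.example.org; spf=pass; dkim=none; dmarc={dmarc}"
    m.set_content("See attached.")
    if with_attachments:
        for name in ("invoice.pdf.exe", "report.pdf"):
            m.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()
```

Calling `verdict(build_sample())` quarantines the constructed message for three reasons: the failed DMARC check, the `.exe` hidden behind a `.pdf` name, and the "PDF" whose content starts with executable magic bytes.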
