Late Thursday, Atlanta, Georgia was hit by a ransomware attack that ended up infecting multiple applications and devices, crippling the city’s municipal computer system. As city employees arrived at work on Friday, they were each handed a flyer telling them not to turn on their computer until the IT department had cleared their systems.
In the meantime, cybercriminals were demanding $51,000 in bitcoin to return access to the ATL.
The Atlanta attack is just the latest high-profile ransomware attack that should prompt everyone to review their data protection strategy – because given how fast the threat from ransomware is evolving, old defenses are proving less effective against the new threats.
Details of the attack are still being determined. Early news reports claim it resembles MSIL/SAMAS and we have an analysis of that strain of ransomware here. In the meantime, there are steps that every individual and business can take immediately to help avoid being a ransomware victim.
Defending your system against ransomware
Experts in online security suggest four preventative measures that will help reduce the chances that you’ll be infected by ransomware.
- Keep your computer’s software up to date. Ransomware frequently targets vulnerabilities in a computer’s operating system or in a particular application. Software companies regularly issue updates to close those holes, so knowing that you’re running the most current version will help close that attack window. What happens when you don’t stay current? Last year’s historic WannaCry attack illustrated the problem perfectly since Microsoft had previously released a fix for the exploit that WannaCry targeted. Given the historic level of infections that occurred, it was clear many individuals and organizations did not download the patch.
- Duplicate your entire system with a full image/mirror image backup. A mirror image backup of your system captures everything on your disk, including files, folders, apps, system settings, and the operating system. That way if your computer gets infected and files are encrypted, you have a way to quickly restore your system without having to pay the ransom.
- Ensure the signature database of your anti-malware is up to date. While traditional anti-virus software can only stop ransomware that’s previously been seen and dissected by the security companies, having up-to-date signatures can help prevent infection if a new threat is simply a variant of an older strain.
- Know how criminals put malware on your computer. Most infections occur when someone clicks a link or opens an attachment that is designed to look safe but carries malicious code. Infections also happen when visiting dubious websites that have illegal or questionable content. Remember that some cybercriminals specialize in “social engineering” to figure out how to get someone to click a malicious link. For businesses, that means just one careless employee can take down your system if you don’t have an active anti-ransomware defense.
Are backups always safe?
Cybercriminals recognize how effective a full image backup is at thwarting their attacks, so many new strains of ransomware now target backup files and backup software. One way to ensure you have a safe, clean backup file is to keep a copy separate from the original, either on an external hard drive that you disconnect and store elsewhere or in cloud storage. The safest bet is to use backup software that includes a built-in, active defense against ransomware – one that protects the files as well as the software and backup agents. Only Acronis integrates an AI-based ransomware defense into its business and home user solutions that actively detects and stops attacks, and will automatically recover any files damaged in an attack.
What if I’m already infected?
If you’ve already received a ransom note on your computer, it is likely too late – but the experts offer the following advice.
First, do not pay the ransom. Fewer than half (47 percent) of the people who pay the ransom ever get access to their data again.
If you do have a backup of your system that was not connected to the infected computer, you can try restoring your system. It is best to restore the entire system to be sure the infection is removed.
If you only have a backup on a local drive, you’re probably out of luck. As we said, modern ransomware searches for backup files and either encrypts or deletes them.
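Before restoring from a separate backup copy, it helps to confirm that the backup files themselves were not encrypted or deleted. The following is an added example, not part of the original article or any Acronis product: it records SHA-256 hashes at backup time and compares them before a restore. The file names and the in-memory manifest are assumptions, and the sample data is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large image files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(backup_dir):
    """Map each file's relative path to its SHA-256. Store the result off the backup drive."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(backup_dir, manifest):
    """Compare the backup's current state with the manifest recorded at backup time."""
    current = build_manifest(backup_dir)
    return {
        "missing": sorted(set(manifest) - set(current)),      # backup files deleted
        "modified": sorted(n for n in manifest                # overwritten or encrypted
                           if n in current and current[n] != manifest[n]),
        "unexpected": sorted(set(current) - set(manifest)),   # files that appeared later
    }

def safe_to_restore(report):
    """Restore only when nothing is missing, changed, or newly added."""
    return not (report["missing"] or report["modified"] or report["unexpected"])

def demo():
    """Constructed scenario: two backup files, then one overwritten and one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system.img").write_bytes(b"constructed system image " * 64)
        (root / "documents.img").write_bytes(b"constructed documents image " * 64)
        manifest = build_manifest(root)           # taken right after the backup
        clean = verify_backup(root, manifest)
        (root / "system.img").write_bytes(b"\x8f\x02 constructed overwritten bytes")
        (root / "documents.img").unlink()
        (root / "RESTORE_NOTE.txt").write_text("constructed placeholder")
        damaged = verify_backup(root, manifest)
    return clean, damaged

if __name__ == "__main__":
    for label, report in zip(("clean", "damaged"), demo()):
        print(label, report, "restore ok:", safe_to_restore(report))
```

The manifest is only useful if it is kept where the infected machine cannot write to it, for the same reason the backup copy is kept separate.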
Final thought
All of our data will continue to be threatened by ransomware, so as city officials in Atlanta work to clean their systems, it’s important that home users and businesses of all sizes take steps now to help avoid the next ransomware outbreak. Because whatever brand of ransomware Atlanta is suffering from now, you can be sure it won’t be the last.
Companies looking for a reliable, easy-to-use and secure business backup solution that includes active protection from ransomware should consider Acronis Backup. A free 30-day trial will show how it will easily meet their data protection needs.
For home users, Acronis True Image integrates the same anti-ransomware software into every edition and ensures you can create a mirror image of your computer so none of your data is ever lost.