Acronis Active Protection stops ransomware attacks like SamSam that the City of Atlanta has spent months and millions recovering from
You may have heard of the April 2018 "SamSam" ransomware attack on the city of Atlanta, Georgia, USA. While a terrible blow to Atlanta, it provides an instructive example of the real costs of recovering from a successful ransomware attack.
According to Atlanta’s chief of Information Management, more than a third of the city’s 424 essential applications were laid low by the attack, with 30 percent of those supporting vital municipal functions like the court system and police department. According to reports, the City Attorney's office lost all but six of its 77 computers and 10 years' worth of documents, while the police department lost all of its stored dashcam recordings: serious losses of critical data.
The True Cost of Ransomware
It is estimated that Atlanta will need to spend $9.5 million over the next year to recover, in addition to $2 million in recovery cost outlays from the first few weeks after the attack. The total could easily balloon further as the city completes its cleanup and post-mortem analysis.
We reported on this story shortly after news of the attack became public when early damage estimates hovered at a mere $1 million. Atlanta has learned the hard way that the recovery efforts from a ransomware attack are often much more costly than initial projections might suggest.
Should You Pay the Ransom?
Atlanta didn’t pay the ransom, a strategy generally recommended by security experts and law enforcement officials, as more than 50 percent of victims who pay up don’t recover their data anyway, often because the malware authors botch the decryption coding.
But businesses that refuse to pay the ransom must rely on their backup and business continuity operations to recover their data from earlier archives. Unfortunately the City of Atlanta was ill-equipped to do this.
City officials refused to pay the ransom -- $51,000 in Bitcoin -- and proceeded to rack up huge recovery costs.
The Most Secure Backup
In hindsight, a better approach would have combined more diligent, regular backups with proactive measures to detect, terminate and instantly recover from a ransomware attack in real time, which is possible with Acronis Backup since it includes Acronis Active Protection, an integrated, AI-based defense against ransomware. The costs of the solution would be small compared to both the ransom demanded and the subsequent cleanup costs.
Acronis Active Protection has already been proven by independent testers to successfully detect, defeat, and automatically recover from ransomware attacks, including like the SamSam variant that brought down the City of Atlanta’s computer systems. Had Atlanta invested in Acronis Backup (our data protection product for organizations), the city would have saved the $10 million in cleanup costs and avoided the huge hit to the reputation of every city official and IT professionals involved.
Effective Anti-ransomware Software
The Acronis Active Protection technology included in all of our backup products not only defeats known ransomware strains like SamSam, but so-called “zero-day” ransomware attacks: the kind that are as yet unknown to security researchers. That’s because the built-in machine learning capabilities of Acronis Active Protection identify ransomware attacks not by their known signatures (the approach used by anti-virus programs) but by their behaviors.
Acronis Active Protection combines a knowledge of known ransomware behaviors with the ability to identify new strains in real time based on machine-learning analysis of millions of bad and good programs. This AI-based defense has been proven exceedingly effective in stopping all types of ransomware, successfully defeating 200,000 last year.
And Acronis keeps updating this anti-ransomware tech, preserving its reputation (verified by multiple independent researchers) as the most effective anti-ransomware solution on the market.
The old adage states that an ounce of prevention is worth a pound of cure. The SamSam attack on the City of Atlanta clearly illustrates that just a little bit of preparation – such as Acronis Cyber Protection solutions with an integrated anti-ransomware defense – can help avoid a costly infection. Protecting yourself, your business, and your city against ransomware with Acronis Active Protection will help you escape disaster before it happens.