The bustling Port of San Diego is recovering from a ransomware attack that hit on Tuesday, September 25, striking the administrative computer systems. The FBI and U.S. Department of Homeland Security are currently on-site investigating the ransomware further. And while the Port remains open to the public and shipping traffic is unaffected, certain systems are being shut down as a precaution while Port officials develop and implement their recovery plan.
The incident marks the second cyberattack on an international port this week, as the Port of Barcelona was forced to fall back on contingency plans in response to an attack on their servers.
Yet these are just the latest examples in a growing epidemic of cybercrimes that target transportation, municipal, and governmental infrastructure. Other recent victims include Colorado’s Department of Transportation, which spent nearly $2 million to recover from the attack, and the City of Atlanta, which may end up paying $17 million. Just last week, the UK’s Bristol Airport was targeted by ransomware as well, disrupting travelers, airline workers, and airport staff.
It’s now more important than ever to have a modern plan in place to actively defend your organization against the threat of ransomware. To do that, our experts recommend four simple steps to ensure your files, apps, and systems stay safe.
Four steps to defend your system from ransomware
- Stay up-to-date. Like all malware, ransomware seeks out vulnerabilities in your computer system. Software companies respond by finding and patching those vulnerabilities and delivering regular updates that shore them up. Simply by updating your system’s software, you can make it harder for ransomware to find a good point of attack.
- Have a mirror image backup (or two) at the ready. If your system does get infected, having an up-to-date mirror image backup at hand will allow you to wipe out the damage done by the cyber-attack and return all of your files, folders, apps, system settings, and your operating system to a pre-infected state. To ensure the most secure backups possible, experts recommend you follow the 3-2-1 Rule: maintain three copies of your data, store the data in two different formats, and ensure one is always offsite in the cloud.
- Make sure your anti-malware is updated. Your computer’s traditional anti-virus software works by checking potential ransomware against a signature database. If it finds a file signature that matches known ransomware, it blocks and deletes it. However, if the signature database isn’t updated, the ransomware strain will get through. A better approach is to add a proactive defense. Acronis Active Protection, included in all Acronis backup products, significantly enhances traditional defenses by actively reviewing the behavior of potentially malicious files, rather than relying on identifying known signatures. This approach reduces the threat of new ransomware strains and deletes malicious files before they can begin their attack.
- Know how criminals get in. The majority of ransomware infections begin with simple human error – someone clicks a link or opens an attachment that floods the computer and attached system with malicious code. Cybercriminals are highly sophisticated in these methods, using social engineering to motivate users to make a mistaken click that will compromise your entire system. Make sure everyone who accesses your system is aware of these dangers.
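The gap between signature matching and behavior review described in the anti-malware step, as an added example (not Acronis code, and not a description of how Acronis Active Protection is implemented). It assumes a signature is a SHA-256 file hash and uses an assumed heuristic that flags a process rewriting several files into high-entropy data within a short window; all names, thresholds and events are constructed.

```python
import hashlib
import math
from collections import Counter

# Assumption: a "signature" is modelled as the SHA-256 of a known-bad file.
KNOWN_BAD = b"constructed stand-in for a known ransomware sample"
NEW_STRAIN = b"constructed stand-in for a strain not yet in the database"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}

def signature_match(blob: bytes) -> bool:
    """Signature check: exact hash lookup in the database."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURE_DB

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0); encrypted data is near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def behaviour_alerts(events, min_files=3, window=10.0, jump=3.0):
    """Return processes that, within `window` seconds, overwrote at least
    `min_files` files whose entropy rose by `jump` bits per byte or more.
    events: (timestamp, process, path, bytes_before, bytes_after)."""
    recent, alerts = {}, set()
    for ts, proc, _path, before, after in sorted(events, key=lambda e: e[0]):
        if entropy(after) - entropy(before) < jump:
            continue  # ordinary edit: content stayed roughly as structured as before
        recent[proc] = [t for t in recent.get(proc, []) if ts - t <= window] + [ts]
        if len(recent[proc]) >= min_files:
            alerts.add(proc)
    return alerts

# Constructed sample data: plain text, and deterministic pseudo-random bytes
# standing in for ciphertext or compressed output.
TEXT = b"Quarterly shipping manifest, berth 4\n" * 50
CIPHERTEXT_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
EVENTS = [
    (0.0, "editor.exe", "notes.txt", TEXT, TEXT + b"one more line\n"),
    (1.0, "archiver.exe", "logs.zip", TEXT, CIPHERTEXT_LIKE),  # single compressed file
    (2.0, "unknown.exe", "a.docx", TEXT, CIPHERTEXT_LIKE),
    (2.5, "unknown.exe", "b.xlsx", TEXT, CIPHERTEXT_LIKE),
    (3.1, "unknown.exe", "c.pdf", TEXT, CIPHERTEXT_LIKE),
]

if __name__ == "__main__":
    print("known sample matches signature:", signature_match(KNOWN_BAD))
    print("new strain matches signature:  ", signature_match(NEW_STRAIN))
    print("behaviour alerts:", behaviour_alerts(EVENTS))
```

The single archive write does not trigger an alert, which is why the heuristic counts files per process over a window instead of reacting to one high-entropy write.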
What to do if you get infected
If ransomware has already encrypted your computer and the clock is ticking to pay the ransom to get your data back, we recommend the following steps:
- Don’t pay the ransom. Only 47 percent of ransomware victims who pay actually get their data back. Most end up losing their data and their money while signaling to cybercriminals that their methods work.
- If you have a backup that was unconnected at the time of the attack, try to restore it. Don’t assume that restoring encrypted files alone will solve your problem: ransomware can infect every part of your system, and only by restoring the entire thing will you be sure that the infection is removed.
- If you don’t have a backup, or your backup was on a local drive at the time of the attack, you may be out of luck. Modern ransomware seeks out local backup files and encrypts or deletes them to ensure you don’t have an escape route from the attack. Without a secure, unconnected backup image, you may need to delete your entire system to rid yourself of the infection.
There’s no sign that ransomware attacks will slow in terms of frequency or sophistication. Between 2016 and 2017, the number of ransomware attacks grew by an unprecedented 350 percent.
Yet, we live and work in an increasingly digital world and the solution to these threats doesn’t come from a return to analog days. With reliable, secure, and easy-to-use backup software from Acronis, innovative active anti-ransomware, and just a bit of human vigilance, you can keep your data and your system safe and secure no matter what.