A ransomware attack against Genesee County, Michigan, was more extensive than county officials originally thought, SC Magazine says. The county’s systems were hit by the malware on Tuesday, April 2nd, and officials initially thought they expected to recover the systems by the end of the next day.
Two days later, however, the county’s Board of Commissioners admitted in a Facebook post that services would be “extremely limited for some time” as they continued the slow process of recovery.
On April 5th, they set a new goal of restoring operations by Monday, April 8th. This also turned out to be excessively optimistic. As of April 8th, the email system and fax servers had been restored, and the county hoped to have the Treasurer's Office and the Equalization Department running normally by the following morning. All other departments were still affected.
The incident highlights how difficult it can be for local governments to recover from ransomware attacks, and also how victims often underestimate the damage these attacks can cause until they learn from experience. Sophisticated threat actors often use custom-made malware that can bypass antivirus systems. Secure backups are an essential security measure, but victims will find that restoring from backups can be a long and tedious process.
The best strategy is to keep the ransomware off of your systems in the first place. Employees are your last line of defense, since almost all of these attacks depend on someone inside the organization mistakenly clicking a link or opening an attachment. New-school security awareness training can give your employees the ability to avoid falling for phishing attacks.