This latest ransomware attack demonstrates how an entire network can be taken down, bringing operations to a screeching halt.
Last week, the City of Del Rio, Texas reported falling victim to a ransomware attack that impacted a number of endpoints and servers. It’s not clear how the ransomware infected Del Rio’s systems. According to reports on the attack, the city responded in several ways, including turning off Internet access to other city departments and disabling access to 30-45 servers.
This feels a lot more like scrambling to protect the organization after getting word of the infection than executing a planned response. Without knowing the specifics of what the City has in place, it’s reasonable to infer from the response that the City was definitely unprepared.
Organizations with a layered security strategy that includes Security Awareness Training have a 37% reduction in the risk of ransomware infection. Other aspects of the security strategy should include patching of operating systems and applications, email and web scanning/filtering, DNS protection, antivirus, and endpoint protection. With these technologies and methods in place, it’s unlikely ransomware can spread without user interaction (which is addressed via Security Awareness Training).
Response tactics should focus on isolating the infected machines and ensuring users do not interact with email or web links they are not familiar with.
In the City’s defense, it’s impossible to know the specific attack tactics used by the infecting strain of ransomware, so the precautions they took at least work towards isolation of the malware. But it’s important to have plans in place that address an attack while maintaining business operations.