UPDATED 22:50 EDT / MARCH 22 2018

Atlanta is offline as ransomware attack cripples city computer network

Atlanta is the latest victim of a broad-scale ransomware attack that knocked out computer networks across the city.

The attack was described in a press conference by Atlanta Mayor Keisha Lance Bottoms as “outages in various internal and external customer facing applications,” including payment systems and court-related systems. The mayor went on to say that the city was working with Homeland Security, the Federal Bureau of Investigation and external partners, including Microsoft Corp. and Cisco Systems Inc., to resolve what she called an “issue.”

It’s not clear how bad the ransomware infection is, but it appears to be widespread. One local media outlet showed a screenshot of a ransomware message demanding a payment of $6,800 in bitcoin to unlock each computer, or $51,000 to provide all the keys for affected systems.

Rob Tate, security researcher at WhiteHat Security Inc., told SiliconANGLE that ransomware has become the new phishing attack, replacing that method of impersonating an acquaintance to break into systems as the preferred form of attack.

“It’s a quick and easy win for bad guys that more than likely haven’t even breached your network,” Tate said. “But the threat of bad press, reputation damage and fleeing customers is enough to incentivize companies to pay the ransom. This has caused a huge spike in ransomware threats. The bad guys aren’t dumb. They realize that there is this paranoia and fear, so it’s really easy to send an email saying ‘Send me 10 bitcoins/dollars or else,’ and inevitably, a few will actually cough up.”

Tate noted that this attack is yet another wake-up call for enterprises to protect against all threats, not simply focus on a single issue. “By performing a full vulnerability assessment and fixing the issues, you can protect your company from a far larger threat landscape,” Tate added. “If 90 percent of your fence has already fallen over, what’s the use in trying to fix a hole in the 10 percent that’s left up? Simply backing up your data and using up-to-date encryption will negate a lot of the risk of ransomware.”

Darius Goodall, director of product marketing at Barracuda Networks Inc., said ransomware attacks have taken a sophisticated turn in the last few years and that organizations should deploy a multilayered security program in order to prevent the intrusion of malware and allow for quick recovery in case an attack is not stopped.

To be fair, Goodall noted that while detection and mitigation are key, there are instances when ransomware gets through. If a data backup is not in place, he said, victims should take several steps.

“First, find out what type of ransomware it is, e.g. encryption, screen-locking, etc.,” he said. “From there you can see if you’re still able to access files, especially from another location like a mobile device. If so, then the ransomware is likely fake. If it’s encryption or screen-locking, disconnect from your network and use antimalware or antivirus software to clean the ransomware and use a data recovery tool to help find those deleted files that are often trashed once ransomware encrypts new copies.”

Still, the key is that organizations need to keep testing backup and recovery processes and back up copies of data in multiple locations. What’s more, he recommended never negotiating with hackers. “There’s not a guarantee you’ll get your data back,” he said, while acknowledging that it’s tough advice to follow when critical data is involved.
