ransomware (posteriori/Shutterstock.com)

An ounce of ransomware prevention…

In December, the Carroll County Sheriff's Office in Arkansas paid about $2,400 worth of bitcoin to restore its systems after a ransomware attack locked computer files. Earlier that month, Mecklenburg County, N.C., was hit with ransomware attack, but refused to pay the attackers. Processes were slowed, but the county could rely on backup data to rebuild the systems, according to the Associated Press.

According to security experts, organizations can take relatively simple steps to protect themselves from ransomware -- and to ensure that their reponse can be more like Mecklenburg's.

The “vast majority” of ransomware attacks are the result of malware sent through email, but it can also come from websites, worm-like behavior and targeted attacks, according to Kevin Haley, the director of product management for security response at Symantec. A quality email gateway is important for scanning email and stripping out any executable files.

“That’s absolutely critical,” Jean-Pierre Auffret, the associate director of the center for assurance research and engineering at George Mason University. “People have been [using gateways] for years, but when we go back and do surveys, we find there’s some people that still aren’t doing it. You’re leaving a huge hole.”

It’s also important to patch endpoints, which is becoming easier with endpoint management systems that allow IT managers to automate the process, relieving users of the responsibility of keeping up with updates, Auffret said.


Ransomware defense depends on product upgrades, patches

Intelligence officials encouraged IT managers to patch software and retire products at the end of their lifecycles. Read more.

Ransomware protection for backup data

BackupAssist is adding ransomware protection to its suite of data recovery tools. Read more.

When it comes to ransomware, it’s sometimes best to pay up

Paying up may be the rational choice for some organizations, but given that cybercriminals go where the money is, the repercussions for others could be significant. Read more.

Like patching, backups are becoming more automated, and cloud services have also made it easier, Auffret said.

These backups should be on the cloud or in a separate network and stored in a different geographic location, which has the added benefit of being able to survive a fire or other disaster, he said.

Backups should not be stored on drives that are also used for day-to-day business. They shouldn’t automatically mount when a computer turns on, either. If backups are stored separately, then people will be less likely to access them and they’ll be more secure, Haley said.

“Cities and counties have become a somewhat popular target [for ransomware], and many of them have limited budgets and limited IT expertise, so it’s quite a challenge,” Auffret said.

Having backups doesn’t guarantee a quick recovery from ransomware, he said. Restoring systems "can still take a while,” Auffret said. But organizations won't need to pay ransom if backups are in place.

Localities that don’t have the IT resources of a large locality like Mecklenburg County have some places they can turn to for help. There are often resources available through the state government, and smaller governments have found success in partnerships with their larger neighbors. The Multi-State Information Sharing and Analysis Center also has resources on best practices and tools, Auffret  said.

But the most important thing, is that people stop paying the ransom, Haley said. “Really the way that we will end this problem is when we stop paying to get our files back.”

About the Author

Matt Leonard is a former reporter for GCN.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.