By Craig Petronella, CEO Petronella Technology Group Inc.
So far in 2019, there have been 22 reported public-sector ransomware attacks on US cities, signaling a rise in frequency since 2018. The attacks are usually targeted at local government facilities such as cities, police stations, and schools. Some of these attacks have cost millions of dollars in ransom to get systems functioning again.
Experts estimate that ransomware costs billions of dollars a day worldwide, though the cost may be even higher because there is no global tracking system of incidents, nor are all incidents reported. Individuals are less likely to be hit with ransomware, due to the low payout to the hackers. They are also less likely than major businesses or government entities to report an attack.
Ransomware attacks are usually carried out by a multitude of individuals, either working alone or in criminal gangs. Many claim to be system insiders. Though many ransomware attackers are never identified, international law enforcement agencies have been able to catch a few.
In 2017, the FBI and six international law enforcement agencies arrested three suspects in Romania and two suspects in Hungary. The five were accused of running the CTB-Locker ransomware scam.
Attacks often originate in countries where the US cannot extradite the criminals. Some of the world’s most destructive ransomware worms, WannaCry, NotPetya, and SamSam, have been created in such places.
At least 170 county, city, or state government systems have been attacked since 2013. Baltimore is a recent victim, being forced to provide most of its municipal services manually after being attacked. Albany, New York also experienced a ransomware hit. The attack came on a Saturday, when most IT staff are not working or readily available to counter the attack.
5 Ways to Avoid a Ransomware Attack
Ransomware attacks are on the rise. Until money is paid, you could be looking at a total lockout of all of your files, email, and financial systems. Here are some ways to minimize your risk:
- Cybersecurity training and awareness. Be aware and be vigilant. Phishing emails are the number one way hackers access your system. Be wary of opening any attachments or links from unknown sources. Keep an eye out for misspelled words and odd links.
- Use two-factor authentication. Two-factor, sometimes called dual-factor, authentication is a second layer of protection that essentially makes you verify your identity, not just log in with a username and password. Often the second factor is an email or text code sent to your phone.
- Back up your data offline. Backups of critical data are essential. If for some reason your system is hacked, your offline backup will be safe. It can also be utilized to restore your system to its pre-attack state once the virus is removed.
- Change your password often. And not just by a single digit or letter. The strongest passwords are at least nine characters long and utilize a minimum of one capital letter, one number, and one symbol. Utilizing a password key can help you remember your passwords.
- Keep your software up to date. Just do it. These regular updates can help patch issues that your current version leaves vulnerable.
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, Petronella is the author of “How Hackers Can Crush your Law Firm,” “Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For information about a cyber-crime risk assessment: 1-877-468-2721.