The case of the county-killing ransomware


Ransomware has been a plague on networks the world over for several years now, infecting businesses, hospitals, municipalities — essentially, any organizations large enough to pay the hefty ransoms that crooks require of victims to retrieve their stolen files are potential targets. At Kaspersky Lab, we’ve seen the threat evolve from one that focused on individuals to one that increasingly targets businesses and larger organizations. In fact, a recent report on ransomware found that 26% of businesses had been hit with ransomware in 2017 alone.

But this week’s cybernews included reports of a particularly remarkable ransomware infection — one that effectively took down an entire county in North Carolina. The ransomware attack has forced officials in Mecklenburg County to quarantine 48 of the 500 servers the municipality relies on for daily government operations. The hackers have asked for a $23,000 ransom, which the county manager says will not be paid.

The attack has left county workers using paper and pen to handle tax payments, jail services, child support, and the myriad other municipal services they manage — fallout that may continue for many days or even weeks. And despite the county presumably having backups of its data, it is difficult to know what personal and confidential information from the county’s million-plus inhabitants has been compromised and could be used for malicious purposes.

The infection started with just one click, an employee opening a malicious e-mail attachment. Then everything spun out of control.

So, what can organizations do to better prepare for and prevent ransomware attacks? Here are five great points of advice to prepare for and respond to ransomware.

  • Stop phishing letters before they get to users. Most phishing letters can be detected on your mail server — you just need to use the right technology. For example, Kaspersky Security for Mail Server uses cloud technologies to block malicious attachments and phishing links.
  • Train your employees. Regardless of age or experience level, all of your organization’s employees need cybersecurity awareness training that provides them not only with a baseline understanding of threats, but with some practical protection skills. We have our own approach to this problem that can you can learn about in this post.
  • Enable updates. Make a habit of always updating operating systems, browsers, and other software. Most malware that is delivered in phishing letters relies on vulnerabilities in the software you are using. Regular updates will minimize chances of infection. Also, do not forget to update antimalware solutions as well — the best AV vendors release updates in real time to ensure their customers and partners are always protected from the latest online threats.
  • Use a robust security solution. Kaspersky Lab offers a range of antiransomware tools for business. First, our B2B endpoint protection solutions have an antiransomware subsystem that can detect the act of encryption and roll back changes made by malware. Secondly, we have a free tool that can work along with other antivirus products and provide the same level of protection to our clients even if their main protective solution fails to detect the threat.
  • Know your options. Even if your computers somehow get infected with ransomware that encrypts the files on them, all is not necessarily lost. For some species of ransomware, free decryption tools can help you restore the data without having to pay any ransom. To check whether it’s possible in your case, visit Kaspersky Lab’s No Ransom site.

How ready is your organization for a possible ransomware attack? If you’re feeling confident (or just want to see how much help you need in preparation for a possible malicious intrusion into your network), take our Ransomware Quiz.

To read more about ransomware, you can also download this antiransomware e-book, which will tell you all you need to know.