Looking back at the SamSam Ransomware attack of February 2018 on the Colorado Department of Transportation (CDOT), one sees the necessity of an ironclad disaster recovery plan. The virus locked 2,000 agency computers, encrypted files, and demanded a ransom to be paid in bitcoin; which was not paid, as highlighted in a statement by CDOT spokeswoman Brandi Simmons.
Luckily, the attack did not affect the state's traffic operations and travel information notification systems − as these were on a separate system − but the department's finance and payroll were disconnected. It cost the state of Colorado 1.5 to 2 million dollars to resolve, but it could have been much worse.
10 days after the initial attack then-governor John Hickenlooper declared a statewide emergency, and handled the attack with the same rigid protocol as a natural disaster. This opened the door to help from not only from the Office of Information Technology and the state emergency management office, but also the National Guard, FBI, and Department of Homeland Security. This was a historic event in that it was the first time that any state has signed a disaster declaration for a cyberattack.
80 percent of the systems were restored within 30 days of initial attack. Statistics say that on average it takes 197 days to identify a breach, and another 69 days to contain, so it appears that the emergency response proved effective in the case of Colorado Department of Transportation.
While not every cyberattack will be deemed a statewide emergency, there are safeguards and recovery protocols that can be implemented to avoid or minimize the blow of ransomware.
Here are some quick tips for defeating ransomware, from the pros here at Frontier IT in Colorado Springs:
Use reputable firewall and antivirus software and check that all systems and software patches are up to date. Also − always have back ups of your files!
Ensure your employees know not to provide any sensitive information via email or unsolicited phone calls, and automatically scan all incoming emails for threats.
Any traveling employees who will be using public Wi-Fi should be setup with a secure VPN prior to their trip.
First and foremost, do not pay the ransom. This perpetuates and fuels this activity and does not ensure restoration of your files and networks. This advice is backed by the FBI.
Disconnect from Wi-Fi or unplug the network immediately if you think you may be infected. The sooner the better! But if you can quickly take a snapshot with your phone or a screenshot of the ransom note, it can come in handy later.
Seek professional IT support immediately. You will need highly sophisticated team who will be vigilant in decrypting and restoring your files.
File a police report with as much information as possible, including the aforementioned snapshot of the ransom note if you have it.
Determine whether or not your backup files were affected. If not, wipe everything and do a clean installation of your operating system and restore files from your backup. You do not want to leave any tracks of the ransomware in your system.
Assess the occurrence afterward, learning what exactly happened, how the infection spread, and what measures need to be implemented to prevent future attacks.
Is your business protected from ransomware? Call the IT professionals here at Frontier IT to protect your network against attacks: 719-888-HELP.