Avoiding the Ransomware Mistakes that Crippled Atlanta

What made Atlanta an easy target was its outdated use of technology: old computers running on non-supported platforms, which are also a characteristic of many municipalities and most major cities.

Chris Park, CIO, iboss

April 12, 2018


Last month, five of Atlanta's 13 government offices were "hijacked," as the city's mayor put it, by ransomware that disrupted far-reaching facets of the city’s digital infrastructure. From the courts to the police department to public works, government activity was essentially frozen as the hackers gave the city a week to pay the ransom – roughly $50,000 worth of bitcoin – or have critical data and processes deleted permanently.

While the event was eye-catching for several reasons, it's hardly an isolated incident. From Dallas to Denver, hackers leveraging ransomware not unlike the program that hit Atlanta have been able to "hijack" municipal networks largely because these entities were poorly protected.

It didn't take long for security teams to identify the ransomware in use – SamSam – or to recognize and partially thwart the attackers' tactics. In fact, when word of the event spread around the cybersecurity community, the portal that the Atlanta hackers had opened to receive their ransom – complete with a countdown clock – was flooded with messages from hackers and cybersecurity pros alike, causing the hackers to take the channel down.

But what made Atlanta such an easy target – even for a relatively common form of ransomware – was its incredibly outdated use of technology in the broader sense. Old computers running on non-supported platforms, for instance, are a characteristic of many municipal operations, as most major cities support such a vast IT operation that updating every digital asset is time and cost prohibitive. This means that cyber vulnerabilities run rampant in local government, threatening the physical and intangible structures that hold society together.

Local governments typically have thousands of connected devices and many mobile employees who frequently connect and disconnect from the city’s network. If there aren’t security solutions in place that can secure these types of borderless networks, all it takes is one municipal employee to bring an infected device onto the city’s network to put the personal information of thousands at risk.

Common Sense Tactics Go a Long Way

Security teams working on any network – whether for a municipality or an enterprise – need to first assure that all the operating systems, platforms and devices using it are still receiving regular updates and support. For instance, Microsoft employs end-of-life support cycles for each iteration of its operating systems. Mainstream support for Windows Vista and Windows 7 both expired years ago; extended support for Windows 7 is set to expire in January 2020, while extended support for Vista ended in April 2017.

Because municipalities are notorious for employing technologies long after they were originally marketed, there are no doubt platforms running on most of these networks that haven’t adapted to the increasingly rampant threat landscape.
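One way to act on this, as an added example that is not part of the article or of iboss's own tooling: a Python script that reads a constructed asset export and flags hosts whose Windows version is past, or within 90 days of, Microsoft's end of support. The lookup table holds only the two products the article names; the exact days of month are Microsoft's published dates, assumed here, and any other product is reported as unknown so it gets checked rather than silently ignored.

```python
# Added example (not from the article): audit an asset inventory for Windows
# versions past end of support. Month-level dates come from the article
# (Vista: April 2017; Windows 7 extended support: January 2020); the exact
# days are Microsoft's published dates and are an assumption of this example.
import csv
from datetime import date
from io import StringIO

# Last day of extended support per product (assumed lookup, see above).
END_OF_SUPPORT = {
    "windows vista": date(2017, 4, 11),
    "windows 7": date(2020, 1, 14),
}

def normalize_os(name: str) -> str:
    """Collapse edition/service-pack noise: 'Windows 7 Professional SP1' -> 'windows 7'."""
    n = " ".join(name.lower().split())
    for product in END_OF_SUPPORT:
        if n.startswith(product):
            return product
    return n

def audit_inventory(csv_text: str, as_of: str) -> list[dict]:
    """Return hosts that are unsupported or expiring (<= 90 days) on ISO date `as_of`.
    Products missing from the table are reported as 'unknown' so they get verified."""
    as_of_date = date.fromisoformat(as_of)
    findings = []
    for row in csv.DictReader(StringIO(csv_text)):
        product = normalize_os(row["os"])
        eol = END_OF_SUPPORT.get(product)
        if eol is None:
            status, days = "unknown", None
        else:
            days = (eol - as_of_date).days
            if days < 0:
                status = "unsupported"
            elif days <= 90:
                status = "expiring"
            else:
                continue  # still supported and not expiring soon: nothing to report
        findings.append({"host": row["host"], "product": product,
                         "status": status, "days_to_eol": days})
    return findings

# Constructed sample export, of the kind an asset-management tool produces.
SAMPLE_INVENTORY = """host,os
courts-ws01,Windows 7 Professional SP1
police-db02,Windows Server 2008 R2
pw-kiosk03,Windows Vista Business
"""

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY, "2018-04-12"):
        print(finding)
```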

It’s also important that the cybersecurity tools that teams use to protect their devices deliver equal and effective protection across all the platforms and device types that populate the network. If the secure web gateway product a team uses to vet traffic entering the network doesn’t deliver feature parity for both new and legacy technology, it’s virtually ineffective, as hackers only need to find one vulnerability to get past the network perimeter and wreak widespread havoc.

Most importantly, teams need to be sure they are backing up their data, encrypting their traffic and isolating their encryption keys in environments that outside parties can't access. This is easier said than done, but by turning to trusted data backup providers and established encryption methodologies like SSL (as opposed to proprietary products or methods that haven't been proven on the market), you can rest easy knowing these tools receive regular updates and patches as well.


About the Author

Chris Park, CIO, iboss

Chris Park brings more than 13 years of experience in corporate network security to his position as CIO at iboss, where he is responsible for creating and driving the company's IT strategy. As resident expert in all aspects of iboss solutions and infrastructure, Chris is responsible for iboss' entire IT operation, including network and system engineering, front-end development, data center operations, and customer service and support. Prior to becoming CIO, Chris served in a variety of product management and network architect roles, working with public and private companies to troubleshoot and support their network security infrastructures.
