A wave of ransomware attacks on public schools in the southern U.S. state of Louisiana has prompted an unusual response, as the governor declared an official emergency to kick-start a coordinated response by several state-level law-enforcement and technology agencies.
This latest attack uses ransomware, which locks up the data on computer systems and provides the key to free it only if the victim pays an online ransom. It continues a global wave of similar attacks that has lately targeted municipal governments as well as the healthcare and manufacturing industries.
A new trend joins the existing ones
The incident reflects two important cybersecurity trends as well as one notable new one, namely:
- Cybercriminals (in some cases helped by state-actor sponsors) are largely focusing their ransomware efforts on public institutions and private-sector corporations. Their rationale is obvious: these larger targets not only are typically in a better position to pay the extortion to restore access to critical data, but in many cases have other incentives to cave to the criminals’ demands.
  - In the case of healthcare, patient lives may be at stake.
  - In manufacturing, downtime can result in daily losses running to tens or hundreds of thousands of dollars.
  - In the public sector, officials face embarrassment and voter outrage if they do not respond swiftly and effectively to restore citizen-facing services and the education of children, both of which are increasingly reliant on online applications. Municipal governments across the US especially have garnered humiliating headlines in recent months for being caught unprepared for expensive, destructive ransomware attacks.
- Despite having presumably better tech skills and resources than consumers, many businesses and public institutions remain largely unprepared in both defenses and responses to ransomware attacks. Cybersecurity best practices here are clear:
  - Keep critical systems and applications up-to-date, especially with critical security updates. Many ransomware attacks take advantage of security vulnerabilities that are already known but for which the relevant patches have not yet been installed.
  - Make sure that critical data is backed up regularly to diverse locations and media (including the cloud) and that the backup copies themselves are hardened against malware attacks.
  - Train users to be wary of the most common infection tactics, namely opening malicious links in or attachments to phishing emails.
  - Complement traditional anti-malware defenses with newer technologies like artificial intelligence and machine learning to identify and stop ransomware in response to its behavior rather than an easily camouflaged virus signature.
A broad lack of preparedness has left many ransomware victims facing a difficult choice: undertake lengthy operations to restore systems from outdated backups, or ignore the advice of law enforcement and cybersecurity professionals by paying the ransom and hoping that the promised remedy from the criminals actually works. Many discover that it doesn’t at least half of the time.
Louisiana’s response
Having a plan in place like Louisiana’s to coordinate tech and law-enforcement resources is a good idea, at a minimum from a public relations perspective. It remains to be seen how quickly the state will be able to recover its crippled public-school systems’ data and at what cost. In the meantime, the ability to get ahead of the news by firing up a seemingly forceful, well-thought-out plan at least enables the troops to focus more on solving the technical problem and less on dealing with the negative press and political fallout.
The fact remains, though, that without complete, intact and recent backups, the state may not actually be in any better position to resume tech operations in the afflicted schools than the municipal governments of Atlanta, Baltimore, or several cities in Florida, to name a few high-profile ransomware victims.
Outstanding questions
The attack in Louisiana provides another reminder that ransomware remains one of the cybercriminal underworld’s most lucrative and effective weapons, capable of not only harming public-sector services and private-sector bottom lines, but potentially crimping the careers of political, executive and tech leaders who are caught unawares by an attack.
Having an effective, coordinated response like the state of Louisiana’s is a good public-facing start, but other important questions remain. How quickly can your tech teams restore your operations in the wake of a ransomware attack? More to the point, what measures are you implementing to detect and prevent ransomware attacks from occurring in the first place?
Final thought
Judging from the steady drip-drip-drip of news stories from the past year – each outlining yet another devastating ransomware attack – these questions are not going away anytime soon. That is, unless organizations start adopting the next-gen strategy of cyber protection, which combines traditional data protection with innovative cybersecurity to ensure the safety, accessibility, privacy, authenticity, and security of data.
This integrated approach, found in business solutions like Acronis Backup, eliminates the defensive gaps created when using a patchwork of several solutions. As a result, organizations become #CyberFit, developing the resiliency to withstand any data loss event.
If you’re ready to start looking for some answers, Acronis can help. You can experience what modern cyber protection looks like with a free 30-day trial of Acronis Backup.
Are your IT needs met using a service provider? You can get the same cyber protection if they have Acronis Cyber Cloud, which delivers reliable backup, fast disaster recovery, and effective anti-malware services through a single platform.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.