On May 24, Quincy Mayor Mike Troup said the city had spent about $150,000 on outside consultants and $500,000 on an encryption key to regain access to Quincy’s information services systems.
The City Council on May 23 approved an emergency payment for cybersecurity consulting, emergency procurement and retention from Mullen Coughlin, LLC, of Devon, Pennsylvania, and Kroll Associates, Inc. of New York for the information security services and cyber-cryptocurrency and ransomware trading service.
The Federal Bureau of Investigation and the Department of Homeland Security advise entities not to pay ransoms. The Gartner Group, one of the world’s leading information technology research firms based in Stamford, Connecticut, lists several reasons not to pay.
- Encrypted files are not always recoverable.
- Only 65% of data is recovered on average, and only 8% of organizations recover all data.
- Data recovery can take several weeks.
- There is no guarantee that hackers will delete what they have stolen.
However, many organizations find themselves in a position where they have no choice. Regardless of the protection used, information theft is always a possibility.
Jen Miller-Osborn is Deputy Director of Threat Intelligence at Palo Alto Networks, an American multinational cybersecurity company based in Santa Clara, California. She said: “Nothing will ever be 100% (secure). You know, there will always be that chance of something that just hasn’t been seen or of a day zero (attack) in particular.”
What’s an organization to do?
“The key first step is (for a business) to have a plan in place to respond to incidents,” Miller-Osborn recommends. “Protections are key as well as setting up federated protections.”
Federated? According to Miller-Osborn, ideally all of the disparate systems communicate with each other, recognize when abnormal behavior is occurring, and provide some kind of alert.
“When you look at how quickly some of these intrusions spread, especially ransomware, you can’t count on just one person to see that alert and isolate that machine fast enough,” she said. “It has to be done at machine speed, where this behavior is seen, this attempt to spread to other computers. It automatically triggers defenses that take these systems offline.”
Why not use backup and restore your system?
“I’ve unfortunately been involved in a number of incidents where the backups were either also encrypted because they were available from the mainnet, or they had some sort of other data quality issue where they weren’t actually able to use them to restore,” Miller-Osborn said.
Rather than paying the ransom, create a new mail server. Right?
Not so fast, according to Binto George, professor of computer science and network technology at Western Illinois University.
“That’s actually an interesting question. The problem, again, is data,” George said. “A server is only as good as the data it stores. If the data is encrypted, you are blocked.”
Troup said at the May 9 city council meeting that the attack apparently started at the Quincy Public Library before spreading to other departments. Not surprisingly, the attack came through the library, which by its nature is open to everyone.
“People can resort to searching online for things, downloading things (which unintentionally contain malware) or someone using a USB drive. These are all ransomware vectors,” George explained.
Municipalities can be easy targets.
“To be completely honest, because attackers know they don’t have the resources and money invested like larger organizations, they know they are more likely to have an easier time compromising them,” Miller-Osborn said. “While they don’t bring in as much money to a municipality, you can do them in volume. They can add up.”
George said that funding issues are a problem most information security managers face, because if something like this doesn’t happen it’s very difficult to come up with a business case for asking for funding.
“The reason is that this leadership is focused on business and day-to-day activities,” George said. “Especially if you have a very safe city, you always feel like you trust people more. You would kind of assume that OK, everything will be fine.”
Situations like these put the IT department in a tough spot, according to George.
“Here’s the problem,” George said. “As an administrator, you have to be 100% right all the time. If I’m an aggressor, they don’t have to obey the law. All they want is to be right once.”
Miller-Osborn suggests that at some point a trading decision must be made about investing versus risk and where you are going to be comfortable.
“Unfortunately, especially as we move forward and more and more things are interconnected, this is going to continue to become a bigger and bigger issue,” she said. “In districts where they are not able to secure things, attackers recognize that they are easy ways to potentially get money because they don’t have those protections in place.”
“The only thing that’s going to make them safe is spending on the protection side.”
George says situations similar to the one that happened in Quincy aren’t really anyone’s fault except the people trying to do this.
“The world isn’t perfect, and there are groups of people who are always out to attack,” George said. “Therefore, it is wise to spend money and budget money for cybersecurity.”