A True Tale of Two Ransomware Attacks

RANSOMWARE PREVENTION

A TALE OF TWO SCHOOLS

Imagine a world where ransomware didn’t exist. Now, snap back to reality and read a tale about two different schools and how each recovered from a ransomware attack. As you read, you’ll learn why an effective backup plan and a well-thought-out business continuity strategy are a critical part of your cyber security efforts. The similarity between the schools is that both ransomware attacks were thought to have started with a click on a phishing email. The difference is in their disaster recovery plans.


The Allegheny Intermediate Unit School System, Pennsylvania, U.S.A.

School A, the Allegheny Intermediate Unit school system, DID NOT have to engage with the criminals and was able to use a third-party service to get its critical data recovered quickly. From the wording of the various articles on this incident, it appears that the school system quickly engaged its cyber insurance carrier. The carrier mobilized resources quickly to identify and remediate the attack and then restored critical data from existing backups. THIS is how the process is supposed to work.


The University of Maastricht, The Netherlands

School B, the University of Maastricht, did not have an adequate plan in place and had to shut down its information systems completely and pay the ransom in order to decrypt its computers and servers. The timeline of this attack is interesting: the original compromise occurred a little over two months before the network was ransomed. With an extra layer of defense like the RealTime Cyber Defense package, they could potentially have caught the intrusion during those two months, before the encryption was launched.

LESSONS LEARNED?

A school [or any business] that has been through an event like this one comes out of it better at making risk-based decisions going forward. It now knows that it is vulnerable to an attack like this and will take positive steps to introduce better prevention and detection processes.

Todd Swartzman, RealTime CISO


TODD’S TAKE ON THE RECOVERY:

After paying the ransom, it was pretty fast to decrypt that many systems, and perhaps most were using the same decryption keys – some victims aren’t that lucky and have to juggle hundreds or thousands of decryption keys, which really slows down recovery. Part of the decision to pay was based on how much quicker it can be to decrypt machines rather than reloading from scratch. The statement by the university indicates that they may not have had backups of some of their critical data.


SUMMARY:

  • Be sure to have a good backup in place, kept offline or otherwise out of reach of the attacker, and test that it actually restores before you need it;

  • Cyber insurance is a great idea;

  • Adding a cyber security plan with detection capability could have helped catch the intruders during the months they were “inside” the system rather than waiting for the encryption to start.
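The first summary point, having a backup you can trust, is only true if you can tell a clean backup from one that has already been encrypted or tampered with. The following is an added example, not code from the original post or from RealTime: it records a SHA-256 manifest of a backup set and later checks a restored copy against it, reporting files that are missing, altered, or unexpected (such as a dropped ransom note). The directory layout, file contents and simulated attack are constructed for the demonstration.

```python
"""Added example (not from the original post): build a SHA-256 manifest of a backup
set and verify a restore against it, so that an encrypted or tampered backup is
noticed before it is relied on. Paths and sample files are constructed here."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each relative file path under root to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(restored: Path, manifest: dict) -> dict:
    """Compare a restored tree to the manifest taken at backup time.
    Returns the files that are missing, altered, or unexpected."""
    current = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "altered": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict:
    """Constructed scenario: take a backup manifest, then simulate a ransomware
    run that encrypts one file, deletes another and drops a ransom note."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "data"
        (data / "grades").mkdir(parents=True)
        (data / "grades" / "2019.csv").write_text("student,grade\nalice,A\n")
        (data / "payroll.xlsx").write_bytes(b"\x50\x4b\x03\x04 payroll bytes")
        (data / "readme.txt").write_text("nothing to see\n")

        # The manifest must live somewhere the attacker cannot reach (offline
        # media, write-once storage); here it is just a separate file.
        manifest = build_manifest(data)
        manifest_path = Path(tmp) / "manifest.json"
        manifest_path.write_text(json.dumps(manifest, indent=1))

        # Simulated attack on the live copy: overwrite, delete, drop a note.
        (data / "grades" / "2019.csv").write_bytes(os.urandom(64))
        (data / "payroll.xlsx").unlink()
        (data / "HOW_TO_DECRYPT.txt").write_text("pay us\n")

        return verify_restore(data, json.loads(manifest_path.read_text()))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run the script to see the three categories reported for the simulated attack. The same manifest check run against a backup before it is written to tape or to an immutable bucket tells you whether the copy you are about to keep is already damaged; a restore test that only confirms the files exist would miss the encrypted ones entirely.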

WANT TO TALK?

Want to talk to our Chief Information Security Officer about a better strategy for your business?