The threat of ransomware remains as powerful as ever, and our detection data shows that larger organisations, such as city authorities and enterprises, are the fastest-growing target. According to our data, attacks on employees of large organisations have gone up 17.9% in the last 12 months (from 198,334 in the period June 2017 to end May 2018, to 233,763 for June 2018 to end May 2019), compared to an increase of just 3% in attacks on individual consumers.
This week, the City of Johannesburg had to shut down its website after hackers breached its defences, and issued a demand for ransomware of 4 bitcoins – currently costing a total of about US$30,000. Earlier this year, two small American towns paid up: respectively $500,000 and $600,000. This confirmed to hackers that holding cities to ransom was a crime that paid.
Attacks on urban infrastructure are often worryingly successful, with far reaching impact on essential systems and processes, affecting not just the authority itself but local businesses and citizens. What makes cities a target? It could be the fact that they run vast networks of connected technology that can be hard to update, manage and patch effectively, or because the attackers believe they may be more inclined to pay the ransom to avoid recovery costs that can be many times higher than the ransom fee.
To protect city infrastructure against the threat of ransomware, Kaspersky recommends securing all data, devices and networks with robust security software. But with many non-technical employees, located across many different sites, employee training and awareness is probably the greatest priority.
A useful checklist could be:
- Implement security awareness training to teach all staff to treat email attachments, or messages from people they don’t know, with caution.
- Back up data regularly and ensure you have full visibility of all devices on the network – and ensure they are all protected.
- At the very least, enhance your security solution with a free anti-ransomware tool, for example the Kaspersky Anti-Ransomware Tool for Business.
- For superior protection use an endpoint security solution that is powered by behaviour detection and able to roll back malicious actions.
- Carry out regular security audits of your corporate network for anomalies.
- Don’t overlook less obvious targets, such as queue management systems, POS terminals, and even vending machines. Outdated embedded systems often have old protection, or may not have any protection at all, and they require a solution against modern threats that has been developed taking into account the specific needs and characteristics of such devices, for example, Kaspersky Embedded System Security.
- Always use an endpoint security solution that is powered by behaviour detection and able to roll back malicious actions, as well as application control to track malicious activity in legitimate applications. Specialised devices should be in Default Deny mode. All these functions are included in Kaspersky Endpoint Security for Business.
- For endpoint level detection, investigation and timely remediation of complex incidents, implement EDR solutions such as Kaspersky Endpoint Detection and Response. In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.
- Provide your security operation team with access to the latest Threat Intelligence, to keep them up to date with the new tools, techniques and tactics used by threat actors.