City Power confirmed in a tweet on the 25th of July that the power utility had been hit by a ransomware attack. The attack compromised its web server, databases, applications, and network. According to the tweet, its IT department is cleaning and rebuilding all affected applications. There is no ETA on when it will be fixed, but for now, the lights remain on.
This is the first time a government institution has been hit with the NHS (National Health Service) in Britain and the American Government being hit with ransomware.
Ransomware, also referred to as crypto-malware, generally enters company networks through email attachments. While it is a global phenomenon, Kaspersky research shows that South Africa moved up the list of 117 most attacked countries to 31st in 2017.
So how do you protect yourself against attacks? One of the key elements is to provide employees with security awareness training. This is important to prevent them from clicking on phishing links sent in emails.
Of course, if the worst has already happened, what is there to do?
Andy Patel, a security expert at F-Secure, says you need to respond to such an incident in a level-headed manner.
“You’re going to want to start by isolating and remediating affected machines before restoring data from backups and ensure that you have the right protection on your network to prevent it from happening again. Make sure you don’t restore the original infection vector during that process. And when your systems are back up and running, remember to kick off a root cause analysis. Learn from the experience and improve your processes and systems to avoid future infections,” he says.
Of course, simply backing up to a removable hard drive is no longer good enough…
The importance of data means that you need to ensure you have robust backups in place, should the worst happen. As such, the 3-2-1 rule applies – which states that you need to implement three backups of your important data on two different media with one of them being kept offsite. This should be seen as an essential part of any business continuity or data recovery strategy.
After all, can you afford not to keep your sensitive information safe?