Ransomware attacks have plagued hospitals, companies, schools and governments for many years and the situation has gotten worse over that time.
Sadly, too many organizations do not take the simplest steps to protect themselves.
Here is the general problem: a single click on a malicious link, disguised as a real email from someone the user trusts, is all it takes to lock up an entire computer network, whether that is a few computers or as many as thousands.
A single virus or attack can cause more than $10 billion in damage, as the NotPetya attack did; it was so malicious that it locked up files without allowing them to be restored.
To be clear, attackers can also infect computers that haven’t been patched: they use known vulnerabilities to get into a computer on the internet and, from there, spread throughout an organization.
This weekend we told you about the latest high-profile attack – New Orleans, which has declared a state of emergency due to ransomware.
Interestingly, public reports say that no ransom has been asked for at this point.
Public reports also say the city is back to using pen and paper – amazing.
We reached out via phone to New Orleans mayor LaToya Cantrell’s office to find out what the status of the attack is. We were transferred to voicemail. We did not immediately hear back. In addition, we reached out via email to [email protected]. Again, we have not heard back – immediately, anyway.
The website is down - except for the emergency notice we posted at the top.
Sadly, this attack is part of a pattern – organizations take these threats seriously AFTER they are attacked.
Even then – it seems they do this for a few months and then often forget they can still be targeted.
Every organization needs to be vigilant. We just reported that holiday phishing messages are out there – waiting to be clicked on. Users should be aware of this. In addition – shocking stats show 71% of businesses hand over their credentials to phishing emails!
Hacks can also come from the inside – like this one at Trend Micro.
And yes, they can target the same organization or area, over and over again. We reported less than a month ago that Louisiana government computers were hit with ransomware – during the election!
How do you stay secure or at least drastically reduce the risk? Follow these three steps to start:
1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360 are all great. This is needed to train workers: the vendor tests them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.
3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.