The IT Security Professional | Barlowtek
The IT Security Pro
Helping Organizations Understand IT Security & Best Practices
Atlanta ransomware follow-up - 04/02/2018

After my initial blog about the SamSam ransomware taking Atlanta hostage, the one thing that keeps coming up is the impact that this one attack will have on other cities in the future. There are several things that stick out to me when I’m reading about the attack.
First Things

This is the first time that a U.S. city has been attacked by ransomware and held hostage. (We have had hospitals or private businesses’ files held ransom before.) This does not bode well for those initiatives that have been introduced in recent years for the adoption of “smart cities” and the integrated architecture that they will require. This leaves a huge question for those that are in government: what are you going to do about addressing the obviously HUGE issue of securing citywide networks? We are at least lucky in that nobody has died as of yet from this attack (let’s hope that still is the case when this is all resolved).

Secondly

What sort of fines or punishment can this group face (if and when) they are caught? This is a big issue since this is new territory for ransomware. In addition, businesses and law enforcement have been teaming up to take down the bad guys, but other than making things tougher on the city employees, what crime was committed? I’m not condoning the actions of this group at all, and I think that they need to be caught and brought to justice. Nevertheless, there have so far not been any reports of the exfiltration of any data outside of the city network. Is not permitting access to the data just as much of a crime as deleting it (it’s called obstruction of justice, Hillary) by the use of specially designed malware off the city-owned servers? The data still resides on the city servers; the users just can’t access it.

Third Issue

With the potential for success in this situation for the attackers, is this gonna spawn additional attacks? The answer to this question is an absolute “YES” and I believe that we will see larger targets affected and copycat attempts as well. While I believe that some will be successful, I also believe that some will not, and as the adversary changes how they operate, we will see a continuing lag in the response from IT Security Teams in responding to the threats.
Conclusion

While this is a situation that I would not wish on any of my colleagues, it is a learning experience that all of us need to take note of. Here are some questions to ask yourself:
IT Security Pro
Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.