Ransomware Attack Hinders Michigan County Operations
On April 2, the Board of Commissioners from Genesee County, Michigan reported a ransomware attack on their network. Their initial announcement stated that the attack “held hostage” files and demanded payment for their release. The county IT Department was able to isolate the attack and prevent further encryption, but operations and normal business stalled. They expected to restore some of their systems by April 3.
Unfortunately, the ransomware attack was more severe than originally thought. While the department restored their email services on April 6, the ransomware still affected other operations. The county reported a setback in reestablishing operations “due to the aggressiveness of the attack.” They have not released any further updates at the time of writing.
Although the county has not been able to resume normal operations, their data is apparently safe. According to a statement from the county’s board and capital projects coordinator, an assessment showed that the attack only locked their files; it did not steal any data.
A prevalent and persistent threat
Ransomware can affect organizations of different sizes, and most attackers won't choose their targets. The Trend Micro annual security report shows that although detections for overall ransomware-related threats dropped, ransomware is still prevalent in the cybersecurity landscape. Attackers will take any opportunity to make a profit, and the possible profit from a successful ransomware attack outweighs the effort needed to launch it. Just last month, major manufacturing companies were seriously affected by the ransomware LockerGoga. The costly attack hindered operations and production across several plants.
Organizations need layered and efficient security to defend against ransomware. Here are some of the best practices that organizations should follow:
- Regularly back up files. Backup copies of critical data eliminates a ransomware attacker's leverage.
- Keep systems and applications updated. Install official updates or use virtual patching for legacy or unpatchable systems and software to patch exploitable vulnerabilities.
- Enforce the principle of least privilege. Secure system administrations tools that attackers could abuse, implement network segmentation and data categorization to minimize further exposure of mission-critical and sensitive data, and disable third-party or outdated components that could be used as entry points.
- Secure email gateways. Securing email gateways thwart threats that arrive via spam. Users should also avoid opening suspicious emails.
- Implement defense in depth. Implementing additional layers of security like application control and behavior monitoring helps thwart unwanted modifications to the system or execution of anomalous files.
- Foster a culture of security in the workplace. Awareness of the latest threats (and how to avoid them) helps secure the organization from digital attacks.
Trend Micro Solutions
Trend Micro XGen™ security provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It infuses high-fidelity machine learning with other detection technologies and global threat intelligence for comprehensive protection against advanced malware. Smart, optimized, and connected, XGen™ powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale