How One N.C. County Got Cybersecurity Almost 100 Percent Right

After officials in Mecklenburg County, North Carolina, refused a $25,000 (or two bitcoin) ransom demand, malware encrypted data on 48 of the county’s 500 servers. The ransomware attack essentially took the county offline and set the government’s processes back by an estimated 25 years, into the days of paper, says an editorial in The Charlotte Observer.

For the county, the recovery has been slow-going and painful. The county’s 5,500 workers have had to improvise to continue serving the public. And the Mecklenburg information technology department has been scrambling to get systems back online.

Have Your Cybersecurity Ducks Lined Up

No government or business should ever subsidize ransomware thieves. And in its refusal to pay, Mecklenburg County has done something admirable. As Mecklenburg County CIO Keith Gregg realized, just because you compensate the ransomware artists doesn’t mean they will really unlock your data. Nor does it mean that they will exit your network without leaving in place a virtual backdoor — one that they can reopen at will.

And, luckily, Mecklenburg IT staff rapidly launched a counterattack, which included:

  • Disconnecting county systems to prevent the ransomware from spreading
  • Launching the county’s five-phase cyber response plan
  • Resetting all logins and tightening firewall controls
  • Rebuilding the county database from backup files

No Use Crying Over Spilled Data, But …

Nobody knows when such disasters, natural or man-made, will strike. And the county, to its credit, had a data backup and restore protocol, as well as a disaster response plan. But if the county had been just slightly better prepared, the recovery perhaps wouldn’t be so time-consuming and painful. In fact, the Observer article notes that Mecklenburg had been in the midst of a $16 million, three-year plan to boost its cyber defenses. Gregg now wants to “accelerate” the project, worried that this won’t be the last time the county deals with ransomware.

But reliable security mostly depends on people. The ransomware was delivered through a simple phishing scam: a county employee opened an attachment, and the ransomware code began to execute. Had the county’s cybersecurity plan included a bit of upfront end-user training, the entire attack might have been thwarted.

It’s also likely that a more advanced, layered set of protections could have significantly slowed the ransomware’s propagation. Finally, a tested and proven business continuity plan would have predicted (and perhaps reduced) restore times.

Are you ready if ransomware strikes? If not, talk to us at BCS about security.