Lessons From a Company that Successfully Beat Ransomware

Ransomware is a dangerous malware that all businesses fear. Although, if the right precautions are taken, a ransomware attack can be completely thwarted. A recent hack attack of the San Francisco Municipal Transportation Agency provides us with a real-world example of this, which helps make ransomware appear a lot less formidable.

Characteristic of ransomware, the attack locked transportation agency employees out of their workstations and disabled other systems. As a result of such widespread system failure, the agency was unable to collect payments for fares at their many ticketing kiosks, seeing as each kiosk could only display the message “you hacked. ALL data encrypted.” However, the agency still managed to operate by accepting cash payments for fares or not charging for rides while the system was down.

The hacker or group of hackers responsible went by the username Andy Saolis. In exchange for the decryption key, the hackers asked the agency to fork over approximately $73,000 worth of Bitcoins. In an odd twist as to why the hackers targeted the public transportation agency, an email revealed misplaced Robin Hood-like motives, “They give Your Money and everyday Rich more! But they don’t Pay for IT Security and using very old system’s !” However, an investigation by the FBI into the Andy Saolis account reveals a less-than-noble history of hacking several private companies.

Instead of bowing to the hackers’ demands, officials elected to restore their system from a backup copy. Essentially, they called the hackers’ bluff and came out on top. Upon enlisting the help of hackers of their own to assist with stopping the attack, the agency discovered that the hackers had only gained access to 25 percent of the agency’s network and made off with no data. This stands in contrast to the hacker’s online claim that they stole financial information from the payment kiosks, as well as 30 gigabytes of sensitive data pertaining to the operations of the agency.

While your SMB may not be able to employ the services of the FBI or vigilante hackers to strike back against those who hack your business; or, even be in a position to offer your services for free during a blackout, you do have the ability to maintain backed up copies of your data so that you can revert back to these copies should a ransomware attack ever befall your organization.

Additionally, by taking advantage of security best practices like using complex passwords, two-factor authentication, and security solutions like firewall, spam blocking, and content filtering, you’ll be able to safeguard your network from getting hacked in the first place. To make sure your network is equipped to thwart a malicious ransomware attack, reach out to Macro Systems at (703) 359-9211.