Ransomware hits multiple municipalities

You are probably aware of the recent rash of ransomware incidents among smaller Canadian municipalities. Here we look at some of the possible reasons, together with how your municipality can prevent becoming a victim.

First of all, larger municipalities are not immune to ransomware attacks. It’s just that they tend to have more resources and are, in some cases, better funded and so have a more effective defence system set up to help prevent such attacks.

Smaller municipalities in some cases either have no IT department or have a very small IT staff, who are busy taking care of day to day tasks and have little time to spend on security. Knowing this, hackers focus on smaller municipalities to catch them in the trap. If you belong to a larger municipality, don’t stop reading – you are still vulnerable.

Here are some tips that may prevent you from becoming a ransomware victim.

• Ensure your backups are secure and physically separated from your network;

• Keep all computers, systems and databases up to date with the latest updates;

• Train all management and staff on how to recognize phishing attempts;

• Segment your network to prevent malware from propagating;

• Install application firewalls on critical systems;

• Develop an Incident Response Plan so everyone knows their role should a security event occur.

If you do have a ransomware incident, you should be aware of the following:

• You should advise law enforcement agencies so they can add it to their database;

• If you have Cyber Insurance, you should contact your agent or broker;

• Paying the ransom does not guarantee you will get all your data back;

• If takes a lot longer to unencrypt your data (sometimes weeks) than it does to encrypt it;

• There are free tools to unencrypt some types of ransomware;

• You cannot restore your data from backups without checking many things to ensure that it is safe to do a restore.

Remember, prevention is always less painful than remediation.