Unhappy New Year: Ransomware Attacks Hit Schools, Hospital, California City
Cybercriminals launched ransomware attacks against at least 269 organizations last year, and they have shown no signs of slowing down in 2020.
Several ransomware attacks have been reported during the first few days of 2020, including:
- Contra Costa County, California: Hackers used ransomware to shut down the online network of 26 Contra Costa County library branches, according to KGO. County officials indicated that there is currently no Wi-Fi or printing available at affected library branches.
- Richmond Community Schools: Cybercriminals seized control of the servers at Richmond Community Schools in Richmond, Michigan, CBS News reported. They demanded a $10,000 ransom to return control of the affected servers, and Richmond officials have refused to pay the ransom.
- Enloe Medical Center: Hackers used ransomware to encrypt and block access to data at Enloe Medical Center in Chico, California, Enterprise-Record reported. They also deactivated the medical center’s hospital and clinic phone systems.
Furthermore, the City of Seal Beach, California and Maastricht University in the Netherlands experienced ransomware attacks in late December 2019. The Seal Beach ransomware attack occurred December 24 and was disclosed December 31, and the Maastricht University ransomware attack took place December 23.
How Can Organizations Combat Ransomware Attacks in 2020?
There is no “silver bullet” to combat ransomware attacks in 2020, according to anti-malware and antivirus software provider Emsisoft. However, there are many things that organizations can do to limit the impact of ransomware attacks, including:
- Develop and implement baseline security standards.
- Create and execute a security budget.
- Leverage threat intelligence.
MSSPs also can help organizations keep pace with ransomware attacks and other cyber threats. They can provide managed detection and response (MDR), security information and event management (SIEM) and other security services that allow organizations to combat cyber attacks both now and in the future.
MSPs Fighting Cyberattacks: Basic First Steps
To get ahead of cyber threats, MSSP Alert and ChannelE2E have recommended that readers:
- Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
- Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
- Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
- Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
- Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce, and MSP-centric cyber events like PerchyCon 2020.