On 24 July, 2019 the State of Louisiana actually had to declare a state of emergency over what appears to have been a ransomware attack against at least three of the school districts within the state. So far, the districts impacted include Sabine, Ouachita, and Morehouse parishes. The attacks seemed to impact various information technology resources as well as the phone systems.
Formal State of Emergency
The formal state of emergency allows for the use of the Louisiana National Guard, the Louisiana State Police and the State Office of Technology Services by these local districts. In 2017 the Louisiana state governor established the Louisiana Cybersecurity Commission to help educate, prepare for events such as these, and provide a key hand in remediating damage and recovering from such an attack. Various state agencies are now coordinating on this attack, gathering additional data, and communicating with the Federal Bureau of Investigation.
All in all, like many other city, municipality, or state directed attacks, this attack may be quite expensive to clean-up and remediate. Lost productivity cannot always be calculated easily but we see from other major reports that it can be substantial. Lost funds may have been used for actual payment of the ransomware attack, and for recovery of data, which sometimes may be required even if the ransom is paid.
External cyber consultants, accountants, and a myriad of other staffers are often required to assist with the recovery of data and resumption of normal services.
It’s Deja Vu all over again!
Remember the City of Atlanta press coverage? The City of Atlanta had to spend over $2.5 million on emergency information technology services contracts to help remediate and recover from a SAMSAM ransomware attack which impacted a multitude of city services for several days. It was a mess and received substantial press coverage for a number of weeks.
The state of Colorado similarly had to spend substantial funds to remediate and recover from a ransomware attack that impacted many thousands of computers at the Colorado state department of transportation (CDOT). Colorado state expenditures have been estimated at approximately $1 to $1.5 million as reported so far. It seems to have taken many months to recover from the event and in some internal systems complete recovery could not be achieved.
Successful Ransomware Attacks now Entirely Preventable
The most important lesson to learn from all of this is that a successful ransomware attack is now entirely preventable. Many important state, city, and municipal institutions have started to make the investment in deception technology so they can put an end to ransomware anywhere within their enterprise.
Deception technology can detect ransomware quickly – more quickly than other technologies. Deception technology can alert on both known, and unknown ransomware attacks and provide confident and rapid detection.
It does not matter how the ransomware is delivered – deception can handle it all. The malevolent code can come from a compromised website, email attacks, infected USB memory stick, or directly from a malicious actor. Deception works with all of the file types that may be used to transport malware into your enterprise.
Deception Technology – the best solution for detection of ransomware
Why is deception technology by far the best solution for the detection of ransomware? The answer – Acalvio’s ShadowPlex Deception Technology can identify ransomware, from any source, at any stage of deployment, and with the highest accuracy available. Deception technology is not conditional, nor probabilistic. The detection is absolute and 100% certain. Deception technology provides virtually flawless detection to ensure that the ransomware is identified, and then rapidly shut down. Speed and accuracy combine to meet and defeat ransomware threats.
Beyond ransomware, there are many other benefits to be found by investing in deception technology. Deception technology can rapidly and decisively identify attacker command and control which is hidden away in your networks, embedded processors, your internet of things (IoT) devices and much more. Malware, attacker tools, or malicious insiders – it doesn’t matter. At any point in time when they touch a deception decoy, Acalvio ShadowPlex will identify them immediately and conclusively. We will then issue a very high integrity alert for action by your SOC team responders.
In summary, Acalvio deception technology is optimized and well architected to protect state, city, and municipal networks against ransomware and many other threats. Ransomware can be detected and shut down. There is no reason to expose your agency to the threats and high expense of a successful ransomware attack. Our high accuracy, ease-of-deployment, and broad spectrum of protection will help your government entity avoid the extreme financial costs of a successful ransomware attack.
If you want to know more about how Acalvio ShadowPlex can protect your agency from ransomware, please review our resource page here: https://www.acalvio.com/our-blog/resources/ or contact us for a free trial. We’d be pleased to introduce you to our latest technology and share confidential information about customers that have used Acalvio ShadowPlex to shut down the most difficult ransomware attacks.
Authors
