This recent ransomware episode brings several important points into focus. First, it’s important to pay close attention to the way this incident got started: “A county employee in North Carolina clicked on a phishing email…” This is by far the most common way these incidents start: someone clicks a bad email and sets off a whole chain of bad events. I’ve said it in the last two cybersecurity webinars I’ve presented: educated employees are the single most effective defense we can put in place. We all have inboxes bulging at the seams these days, but a heavy dose of skepticism goes a long way toward keeping bad things from happening.
Second, it’s surprising to me that the County doesn’t seem to have done any risk assessment or disaster planning before this happened. As a result, they had to devote a lot of time to deciding whether or not to pay the ransom. Ultimately, I’m glad to see that they chose not to pay. The only way we’re going to slow this explosion of ransomware is to stop making it so profitable for the bad guys.
It’s disappointing that the County didn’t have a solid backup and disaster recovery plan in place before this happened. Thousands of dollars could have been saved if proper planning had been done in advance. With proper risk assessment and disaster recovery planning, the decision not to pay the ransom should have been an instant one, and recovery from the infection could probably have been completed with minimal downtime. County officials sound fairly confident that they can get their systems back up to speed, although not 100% sure. It is not at all clear that they know what process they’ll follow or how long it will take to complete.