Los Angeles at the Epicenter of New Ransomware

It’s a common movie plot that we’ve seen play out a million times. A criminal steals something (or kidnaps someone) and demands a ransom payment to get it back. But this isn’t the movies. And these crimes don’t always target wealthy businessmen or multi-billion dollar corporations. The recent cyberattack on the Housing Authority of the City of Los Angeles, which provides affordable housing to more than 19,000 low-income families across Los Angeles, illustrates that the reality of this disturbing trend can hit our local communities. It demonstrates that no organization is safe and even public institutions and agencies that serve vulnerable populations are fair game.

In September, the Los Angeles Unified School District fell victim to a ransomware attack that potentially exposed the students’ personal information including Social Security numbers, health information and psychological assessments. Not only do these attacks disrupt the systems or the organization targeted and their ability to provide ongoing services to the community, they also put the personal information of the people they serve at risk.

Organizations like these play critical roles in the daily lives of so many people. But the unfortunate reality is that these organizations are often easy targets. They typically operate with limited resources and IT budgets and may not have implemented the most up-to-date systems needed to guard against attacks such as these that will quickly detect them if and when they might occur.

So what can these organizations do to protect themselves and be prepared to respond if they find themselves targeted? A few key things can make a difference. These include:

1. Backup and Disaster Recovery - The first step is to have a plan for what will happen to recover from an attack if one occurs. That means developing a plan and having a robust Backup and Disaster Recovery Solution that can help minimize any disruption to ongoing operations and of services to the community.

2. Detection - Identifying a threat quickly minimizes its potential impact and allows organizations to respond before major damage has been done. Security as a Service solutions tend to be cost effective solutions that enable you to detect and attack a threat before it spreads.

3. Endpoint Protection - Securing devices is also critical to safeguarding organizations from malicious actors attempting to attack or disrupt their operations. Endpoint security helps protect, detect, and respond to these threats for desktops, laptops, and mobile devices.

4. Next Generation Firewall - Having a next generation firewall can protect against known and zero-day attacks and allow you to gain full visibility, detect and remediate ransomware and other threats hiding in HTTPS traffic without performance impact.

Even though most of these measures may sound straightforward to implement, many organizations may not have them in place or completely up to date due to budget and resource constraints. But the key thing to realize is that the cost of responding after the fact will always be greater than proactively addressing it up front. Every organization that has confidential data needs to be able to say they’re doing everything possible to protect it.