What a Ransomware Attack on Tulsa Can Teach Southcentral PA Businesses


With each passing day comes a new headline about a ransomware attack. Emboldened by past successes and widespread cybersecurity vulnerabilities, cybercriminals continue to target organizations with ransomware and other types of attacks. They may gain access to the targeted organization’s network by purchasing stolen access credentials, duping an employee into providing theirs, or through hacking efforts.

Once a criminal or gang has gained access to an organization’s network, they upload ransomware: malware that automatically encrypts files on the network and connected devices. Usually, a ransom is demanded in exchange for a decryption key. However, this demand is often reinforced by the criminal’s threat to publish any files they may have downloaded once they gained access to the victim’s network.

These criminals are usually hard to trace and may be located in countries without extradition agreements, making it virtually impossible for law enforcement to find and stop them quickly. And so the victim, faced with the choice of paying or being unable to operate while seeing trade secrets or embarrassing information leaked online, often pays the ransom.

While there are valid concerns about foreign governments engaging in ransomware attacks for geopolitical reasons, ransomware attacks are carried out more often than not by criminals seeking money. And while similar concerns have been raised about domestic anti-capitalist groups targeting large corporations to make a statement, most of these attacks target businesses of all sizes. Existing IT vulnerabilities and potential payout are more important considerations for attackers than brand strength.

But it’s not only businesses that find themselves under assault. Local and state governments, agencies, and entities have also found themselves besieged by these attacks. One of the most recent attacks targeted the city of Tulsa, which now joins a long list of major metropolitan victims, including Baltimore, New Orleans, Atlanta, and Knoxville.

What Is Known About the Tulsa Attack

On May 10, a city spokesman shared with local news outlets that a ransomware attack had resulted in city website outages and delays, with the Tulsa Police Department among those affected. The attack had occurred on the evening of Friday, May 7. Yet, as per a later report by Tulsa Mayor G.T. Bynum, the attack was detected on Tulsa’s network early, and security measures were deployed. Had the signs of attack not been recognized, the impact could have been far more severe.

While no group has assumed responsibility, Tulsa has been able to rely on investigatory agencies for ongoing insights. It’s also worth noting that the nature and timing of this attack resemble those of the recent Colonial Pipeline attack, although no formal connection between the two incidents has been made. Ransomware usually scans multiple computers at once, seeking vulnerabilities, and Tulsa fit the bill. Yet, fortunately for Tulsa, IT investments helped the city stave off the worst possible consequences of an attack. Many other governments, businesses, and organizations aren’t nearly as lucky.

The Rising Rates of Ransomware

According to the Internet Crime Complaint Center (IC3), the number of reported ransomware incidents increases yearly. In 2020 alone, 2,474 complaints concerning these incidents were reported to law enforcement, up by approximately 400 from the year prior. Moreover, this may be the tip of the iceberg, as some ransomware victims do not notify authorities. Others who do often do not disclose all the technical details involved nor the total losses they’ve incurred, including the ransom they may have paid.

As more governments, businesses, and other organizations pay ransoms, criminals continue and increase their attacks. The FBI has actively discouraged victims from paying ransoms for this very reason. Additionally, the U.S. Conference of Mayors recently passed a resolution encouraging local government officials not to capitulate to ransom demands. Not only do ransom payments encourage criminals to continue this activity, but there is also no guarantee that paying the ransom will stop a criminal from compromising a victim’s system even further.

What the Tulsa Attack Means for Small Businesses

With targets as disparate as the Tampa Bay Times, healthcare company Magellan, and Tulsa, ransomware attackers will target any organization from which they believe they can extract a payout. That means no matter what industry or size a business is, they could easily find themselves in the crosshairs of a cybercriminal or gang. And once they’re deep in your network, you’re just left with an awful choice.

The best course to take is prevention. You must proactively take steps to upgrade your organization’s cybersecurity and identify and remediate all vulnerabilities. Here are three simple steps to take:

Assess Your Current IT Cybersecurity and Strengthen As Needed

Take a hard look at your existing IT security practices and procedures to begin to identify weaknesses and vulnerabilities. Check your access permissions, anti-virus and anti-malware software, automatic updates, and network activity, among other security components. Make sure your measures are up to date and continuously monitored. For the best results, employ an objective outside party.

Provide Regular Cybersecurity Training

Ransomware attacks often occur once an employee has been tricked into providing criminals access credentials or downloading malware on their employer’s network. To mitigate the risk of your organization falling victim to one, your staff need to be trained to recognize suspicious and fraudulent emails, links, and other tools used to initiate these attacks.

Develop a Robust Back-up and Data Recovery Plan

In the event criminals successfully penetrate your IT network, you need to be prepared to restore operations from backed-up data that’s been secured in a remote location. Despite the attack, Tulsa was able to resume operations fairly quickly using their back-ups. You must have a system in place to back up your data to restart operations rapidly. If you can, you may be able to resist an attacker’s ransom demands.

If you’re looking to safeguard your business but are worried about the time, expertise, and money needed to do so, we can help. TREYSTA Technology Management works with companies in Southcentral PA, providing managed IT services, technology consulting, and business continuity planning. Leveraging more than 25 years of IT support services experience, we can help you establish the IT resources and security measures you need to run and safeguard your business. Contact us today and let us help you manage and protect your IT.