SMB Lessons from the Atlanta Ransomware Attack

March 30, 2018

As Atlanta struggles to recover from a ransomware attack that has crippled city services, organizations should reevaluate their security posture to ensure they are protected against cyberattacks. Small businesses in particular should be conducting security assessments because hackers view them as easy targets.

Splashy cyberattacks on big targets such as Atlanta and companies such as Sony and Target get a lot of attention, but that doesn’t mean cybercriminals spare small businesses. To the contrary, small businesses are prime targets – just like larger companies. A 2017 Ponemon Institute study revealed that 61 percent of small and midsize businesses had been breached in the previous 12 months.

What Atlanta Means

But how is the Atlanta cyberattack relevant? It shows that all organizations, regardless of size and resources, are vulnerable. In Atlanta, the ransomware struck on March 22, and seven days later the city was still reeling.

Ransomware locks users and organizations out of their data, and restores access only after ransom is paid. The Atlanta hackers demanded about $51,000 in Bitcoin. City officials haven’t disclosed whether they agreed to pay.

The effects of the attack have been widespread. It hobbled the municipal court, prevented residents from paying water bills and traffic tickets online, forced police officers and other city employees to write reports by hand and took down WiFi at the world’s busiest airport, Atlanta International. Even after employees were told they could use their computers again, a lot of systems were still out.

The New York Times called the event “one of the most sustained and consequential cyberattacks ever mounted against a major American city.”

Protect Your Data

The Atlanta cyberattack offers lots of lessons. Chief among them is all organizations need to anticipate and protect themselves against debilitating ransomware. Here are five concrete steps small businesses can take immediately:

1. Back up critical data – If your company has been inconsistent in backing up important business data, a ransomware attack could make it impossible to recover some of it. Even paying ransom doesn’t guarantee recovery because attackers have been known to renege after getting paid. Cloud-based backup services can be activated quickly if you don’t have one yet.

2. Educate users on phishing – Tricking users to click infected URLs and attachments is one of the most common ways for hackers to deliver ransomware. Work with security experts to train employees on how to identify and report phishing attempts. The more knowledgeable users are, the less likely they are to make a mistake that results in cyber attack.

3. Apply security patches – Another common way to deliver ransomware is through vulnerabilities in software applications and systems. That’s why businesses should never ignore security patches. Implementing an automated patch management system is the most effective way to ensure patches are properly tested and deployed when vendors release them.

4. Implement endpoint security Endpoint protection includes antivirus scans and, increasingly, advanced protection against previously unknown malware, zero day attacks and new ransomware variants. Embedded machine learning technology sifts through data to spot malicious code. Review your current endpoint security to determine if you’re getting all the protection you need.

5. Firewall Protection – By itself, a firewall cannot protect your business from ransomware and other forms of malware, but it’s an essential component of good security. Firewalls block unauthorized content from your network and can be programmed to deny access to IP addresses known to deliver ransomware. Check to see if your business has a firewall in place and whether it is up to date.

How long it will take Atlanta to fully recovery from the ransomware attack is anyone’s guess. But one thing is certain: More attacks will follow, so make sure you have the security you need.

Learn how to protect your small business from a ransomware attack. View the cyber security tip guide.

Cyberattacks occur daily. To protect your business, you need to understand the different threats it faces.

Locked Content

Click on the button below to get access

Unlock Now

Or sign in to access all content on Comcast Business Community

Sign Up

for our newsletter


Learn how Comcast Business can help
keep you ready for what's next.



for our newsletter