Lessons Learned From Chenango County’s Ransomware Attack

Dangerous cyberthreats don’t just affect major businesses—they are just as likely to hit close to home.

In fact, just two weeks ago, a ransomware attack left half of the computers operated by Chenango County held hostage by hackers, who demanded $90,000 to surrender access to the files. Learn how Chenango County was able to say “No” and recover their data.

Breaking Down the Cyberattack

In early October, approximately 50 percent of the computers operated by Chenango County were the subject of a ransomware cyberattack. The attack locked the employees' computers resulting in the staff being unable to work or access files. The hackers demanded $450 per machine, $90,000 in total, to release the computers. Chenango County Director of Information Technology Herman Ericksen refused to pay, which was the right course of action. There have been other municipalities, businesses, and organizations that ended up paying similar ransoms, only to be attacked again. Paying the ransom only ensures that this grift keeps working in favor of the hackers.

So, how did the hackers get in?

Good Password Hygiene is Key to Keeping Your Data Safe

According to Mr. Ericksen, the hack was due to compromised login credentials, most likely from a remote worker. The current crisis is placing incredible strain on many organizations to remain productive and secure. This stress for efficiency significantly weighed on organizations with a large workforce, who found themselves suddenly working remotely. 

One thing to consider when working with your staff is that they tend to handle your security protocols similarly to their own security habits. If they aren’t educated on best practices, they probably aren’t following them. To help you and your team develop better password management, here's our definitive guide on password best practices.

This is a perfect example of a user missing the mark on proper password hygiene:

Let’s say an employee uses a strong password with numbers, capital and lowercase letters, and symbols. That’s great—a good start. Let’s say that this employee uses that same password across multiple accounts. This immediately weakens your security.

If one of those accounts suffers from a data breach, that password is now compromised. It’s a common practice in a cybercriminal’s playbook to pull from a list of compromised usernames and passwords when trying to break into a system. They understand that many users use the same password over and over again. Let’s say Facebook were to suffer from a data breach and a million users’ passwords and usernames were stolen. Cybercriminals will take those credentials and try them elsewhere—on Paypal, Gmail, Outlook, and bank accounts. Chances are, a percentage of them will work.

This Story Could Have Turned Out Differently

Fortunately, Chenango County was able to regain control of their data. Other organizations haven't been so lucky. Not only have companies and schools been targets of ransomware attacks, but even government entities, such as a Georgia municipality. 

In some cases, the targets paid and received access to their data; in others, they paid and received nothing or partial restoration. The main factor in whether or not a ransom was paid was how confident the target was in their ability to restore their data. In other words, whether or not there was a backup.

Are You Backing Up Your Data?

As we saw with Chenango County, having a backup alleviates many problems, whether due to human error, a natural disaster, or a cyberattack. When it comes to your data, being forewarned is forearmed. As this attack has proven, data has value, and your data is your most valuable asset, regardless of the size of your organization. Being a smaller business (or county, for that matter) won't keep you from being targeted by hackers. The only sure way to protect yourself from a ransomware attack or any disaster is to follow best practices for your data backup and recovery plan.

Lessons we can learn from Chenango County's Response

First of all, don't pay the ransom. You have no guarantee the hackers will release your data or, worse, won’t attack you again at a later date, as you have shown you will pay them. Chenango County was able to refuse to pay the ransom because their data wasn't at risk. Due to their planning and foresight, Chenango County had their data backed up and recoverable, removing the leverage the hackers thought they had.

The mistake the cyberhackers made was that they assumed that, because Chenango wasn’t a big county, they didn’t have protocols in place to keep their data safe. This assumption wasn’t necessarily misplaced as many smaller organizations don’t believe they are big enough to attract the attention of cybercriminals, and don’t have such safeguards in place.

The reality is SMBs are never too small for hackers. Data is valuable regardless of the size of the organization.

Can Your Data Survive a Disaster?

Here's a simple test. Can you—right now—erase all your company's data and be able to recover it? That's the action Chenango County had to take to regain control of their compromised computers. Once the infected systems were wiped clean, removing the ransomware, Chenango County had nothing to fear from the hackers. 

However, this action was only possible because they had their data backed up and could recover it.

If you can't recover your data if something happens to your computers, your business isn't secure. Your data is your most valuable asset, and if you don't protect it, you're one incident away from perhaps having to close your business. Directive can help you secure your data with the best security solutions available. Don't let your business be held hostage. Call Directive today at 607.433.2200 and protect yourself and your business.