We live in a world where malware and malware attacks are very common. The latest buzz in the malware world mostly concerns ransomware, which has been seen to cripple organizations and companies and force them to pay a ransom to get back on track.
Last November, San Francisco's Muni light rail public transportation system fell victim to a ransomware attack. As the attacker later revealed to the media, this high-profile attack was not pre-planned or deliberate; it happened by chance when the automated malware found its way to the servers at the San Francisco Municipal Railway. The ransomware that struck is believed to be based on the HDDCryptor, or Mamba, strain. It strikes whatever it finds, and that is how it got into the Windows 2000 servers at Muni as well. The attack was overcome quickly and effectively. Because countermeasures had already been taken and the agency in charge had taken backups, services were soon restored and expenses were rather low. The San Francisco Municipal Railway also clarified that the payment systems were not hacked and no customer data was stolen.
What do we learn from the Muni hack and other such ransomware attacks? There are many lessons. The first pertains to the inevitability of such intrusions in today's context. Ransomware attacks are part of the new reality, and we have now arrived at a stage where more than four million data records are lost or stolen every day. Today every organization needs to be prepared for breaches, which can happen at any time.
One major thing organizations now have to realize is the importance of keeping data encrypted. Sensitive personal data, including customers' payment data, needs to be kept encrypted. Another important aspect is patch management: organizations need to patch their systems regularly. Take the case of the Muni attack. According to reports, the ransomware exploited a Java vulnerability for which a freely available patch had been available for quite some time. Most such attacks seek to take advantage of neglected patch management and exploit old, known vulnerabilities.
Yet another lesson from all security breaches pertains to the role of the people using the systems: the human element. Every organization should opt for better, clearly defined role-based access control. People have to be trained on all aspects of security, and two-factor authentication has to be emphasized. Basic security education is vital to the security of any organization.
Last, but not least, is the capability to survive and overcome a breach when it actually happens. Every organization needs to have a mechanism or process in place for that.