The City of Racine’s website, email system, and online payment system were all knocked offline by ransomware early Friday morning. The city’s Management Information Systems department worked Friday to determine the extent of the infection and began following protocols to restore its systems, but the systems were still offline Monday morning. No information has been released regarding a ransom. City officials stated that they would restore data from backups, using cyber insurance to cover the costs of restoring systems, and that they would not pay any ransom.
Having up-to-date backups stored safely offline, where an attacker can’t affect them, is an important defense against ransomware. Refusing to pay any ransom demand is a strong position that sends attackers the message that extortion will not be effective. Ransomware that affects all computers in an organization typically isn’t a sudden infection with no warning. It typically comes after several weeks of network profiling, as the threat actors identify key infrastructure to target. The best defense strategy for combating ransomware is to quickly detect signs of infection on workstations and servers using Endpoint Detection and Response (EDR) tools. By quickly responding to threats, defenders can cut off attackers’ access to compromised systems and to the network as a whole.