In the shadow of the ransomware attack against the Colonial Pipeline, ransomware has caught the American public’s attention in a way not seen previously. Whether it is dealing with the repercussions of the takedown of critical infrastructure or making paying utility bills difficult, the effects of ransomware can impact almost every aspect of life here in the US. The cost it has for the US will likely not go unanswered, and developments on how to deal with ransomware broadly will be seen in the months to come. In the meantime, local governments can take lessons from other incidents to prevent and prepare for recovery from ransomware attacks. Having a robust backup and restore capability is the foundation of a resilient IT administration program. It is also important to implement 24/7 monitoring of computer security events and respond to alarms in time to stop intrusions in the early stages. Quite often, all the signs of an attack in progress are available in the event logs, but if nobody is watching and interpreting the events, these important warnings don’t do any good to prevent disaster.

Reference:
https://www.bleepingcomputer.com/news/security/city-of-tulsas-online-services-disrupted-in-ransomware-incident/