Small City of Cornelia Dodges Ransom Again in Its Third Ransomware Attack of 2019

The small city of Cornelia in the US state of Georgia, best known among tourists for building a 2.4-ton sculpture of a red apple, is now becoming known for a more heroic feat – suffering its third ransomware attack so far this year and avoiding ransom payments every time.

The city of about 4,000 residents was last attacked in late September. The intrusion shut down billing systems for an entire day, but it was caught before the attackers got the chance to encrypt anything. A new firewall should take care of similar problems in the future.

Attackers often hit small city administrations and businesses, focusing on targets that can be compromised. The assumption is that small infrastructures are not protected as well, and staff are not trained to deal with problems.

Cornelia, which had no full-time IT employee until about a year ago, said it dodged the latest attack before the systems were encrypted. Even so, the town lost a day restoring the services from back-ups.

“We did not get to the point of like Atlanta where they actually held us [for] ransom,” Donald Anderson, Cornelia’s City Manager, told AccessWDUN. “We were able to go back to our off-storage back-ups to the day before and get us up and running, but it did shut us down for a day.”

From what the authorities have said so far, all three attacks managed to pass through whatever software protection was in place, and the two earlier attacks shut down some systems for several days. Now the city is looking to pay for a firewall, and all of the support that it entails, for the next five years, as the previous solution was 10 years old.

Cornelia’s relatively quick recovery from the attacks is not the norm in ransomware incidents. When criminals get a foothold, they encrypt drives and paralyze the activity of any institution. The good news is that even small towns like Cornelia are realizing the value of online security compared with the damages they would otherwise incur.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Silviu STAHIE. Read the original post at: