Ransomware Is no Match for Livingston County
A county in Michigan ratchets up security and protects against ransomware through a combination of tools, including a new backup and recovery solution.
Over the last few years, ransomware has emerged as an epidemic and has crippled businesses, educational institutions and government entities.
"Traditional security controls are not very effective at stopping this form of malware," states Rich Malewicz, CIO for Livingston County in Michigan, which serves more than 180,000 citizens west of Detroit. "We realized that we had to find a better way to thwart an attack and protect critical data."
Malewicz, who became CIO for the country in 2013, began exploring ways to reduce the risk of data loss. One of the first things he noticed: "The common denominator for organizations that are crippled by ransomware is that they do not have necessary backup systems in place. When an effective ransomware attack takes place, they have no recourse other than to lose the data or lose the money."
Although businesses are often the target for these attacks, he says that he has encountered local governments and even police departments paying ransoms to recover locked data.
In 2015, Malewicz recognized that the existing backup system for Livingston County was woefully inadequate. Too often, files on the storage array became corrupted or were completely unavailable for recovery. But the problems stretched deeper for the county.
"When we ran the backup system every day, people were severely impacted," he recalls. "You had to have all your work completed because the network would come to a crawl. At that point, you couldn't get anything done, including handling emails."
Searching for a Better Backup System
The county began looking for a better backup system. Malewicz wanted to use technology that would run atop Linux and a Secure Hash Algorithm 2 (SHA-2), which delivers strong cryptographic hash functions.
After completing an extensive security assessment and surveying vendors, the county selected a backup and recovery solution from Unitrends. One of the key selling points, he says, was the system's ability to identify ransomware by detecting changes in file structures as a backup occurs. The county switched to the new backup system in January 2016.
The platform has already paid dividends. Malewicz says that the system has alerted staff to several attempted ransomware attacks. In addition, a Mimecast malware detection system has helped detect emails with bad links, and FireEye cyber-security software has spotted other malware attacks and blocked dangerous code. In addition, the county provides ongoing training for employees so that they better understand how to avoid infections and exploits.
The Unitrends system conducts two backups a day using both incremental and full backups, as needed. Any loss of data would be limited to the period between the two backup points. Malewicz says that the county is looking to further reduce the window.
"We have reached the point where the odds of a ransomware attack succeeding are slim, ," Malewicz explains, "and if an attack actually succeeded, we'd have all key files backed up. It would be an inconvenience, but there would be no need to pay the money.
"The goal is to reduce the attack surface as much as possible. Through machine learning and AI, we have improved our security posture. We now have a backup platform that serves us well for virtually any type of failure or attack."