Monday, December 9, 2019

County's Proactive Response to recent City of Pensacola Ransomware Attack



from staff....

“With permission from the City of Pensacola’s IT Department,   I wanted to make you aware that FDLE is assisting the City of Pensacola with a cyber-attack that occurred over the weekend. 

  Once we found out that the breach had happened, BCC-IT shut their connection to the BOC network by disabling their two connections into our network. We also performed the following over the weekend:
1.       Notified our Security Operation Center(SOC) of the event and requested they put our network on high alert. This increased our alert activity through the day and our Cyber team has been responding to the events.
2.       Notified CISA and gave the City of Pensacola their contact information.
3.       Notified DHS and talked with them over the weekend.
4.       Monitored Firewall and Antivirus logs

Today we met as a Leadership team and have performed the following:
1.       Elevated our Antivirus policy to be more aggressive
2.       Continued to monitor our Firewall and Antivirus logs
3.       Continued to receive events from (SOC).
4.       Shared information with City of Pensacola and the Sherriff’s office.

To provide greater protection to the County network we plan to implement the following changes:
1.       Provide alerts on all emails coming from an external source.                
2.       Turn off the ability for employees to access their Personal Email and Social Media Accounts.
3.       Upon login, users will have to click an OK to a Legal notice which will basically state they should have no expectation of privacy while using a county device.
4.       Once logged in, a machine will automatically lock after 15 minutes of inactivity.  We will have an exception group, but it will be limited to business-critical operations.
5.       Limit the use of USB devices 
6.       Limit Administrative rights
7.       Not allow users to write to their local C: Drive
8.       Require users home PC be up to date with Endpoint protection and the latest Windows Security patches before remoting into a county device
9.       Implement a county Phishing Email campaign and Security Awareness training" 


2 comments:

  1. I understand the offensive guardrails, how about the fence post to deflect the risk to the citizens that are potential victims from this exposure so they can live in an environment of social responsibility to live their best going forward. Offense wins games, defense wins championships... a culture shift to compliment. Thank you for what you do - just another perspective.

    ReplyDelete
  2. That's Awesome! Looks like they will be doing what they should have been doing all along, as that list is all standard things that any security team should have already been doing. Not knocking what your passing along. Let's check that progress in the next six months.

    ReplyDelete

Abusive, profane, and/or off-topic posts will not be allowed. Unprovoked ad-hominem attacks will not be tolerated. All posts are subject to moderation, posts that violate these policies, spam, posts containing off-color language, and any other inappropriate comments or content, as determined by the blog administrator, will remain in moderation and may not be added on the site. This site is not my campaign site, but in an abundance of caution I will offer the below disclaimer.