Having backups in place, and a process to restore from them, goes a long way to being able to flick the metaphorical bone at ransomware. Then there’s luck…:
[…] Mitchell attributes the relatively minor impact of the infection to luck, skill and the city’s IT architecture.
The luck element has to do with the fact that the malware intrusion began over the July 4th holiday. Holidays and weekends are apparently a common time to launch ransomware attacks because IT staff tends to be scarce and less vigilant then; but in this case the holiday also ensured that many of the city’s desktop PCs were powered down, which limited the ransomware’s ability to spread.
The prompt action of the MIS staff on the morning of July 5th to defensively disconnect systems, according to Mitchell, helped reduce the impact of the infection.
In terms of IT architecture, systems compartmentalization further limited the reach of the software nasty. Police, emergency services, school systems, water and wastewater treatment plants, and trash/recycling services were unaffected. According to Mitchell, only 158 computers, or 4 per cent of the more than 3,500 machines used by city employees were compromised.