Need Computer Services? We Can Help! Call: (317) 585-0500

Hey Brother, Can You Spare $2.7 Million?

Time To Save Big Money With Your Business IT Solutions?


Need Someone Reliable To Fix Your Computer Troubles?

Service Award
Top Imgs

You Got The Right Company To Help.

Reach Out To Our Team Today.


PCHelp protects your privacy. We will ensure your confidentiality.

Don’t Be Like The City Of Atlanta That Paid Millions After A Ransomware Attack

In March 2018, Atlanta’s city government was hit with a ransomware attack that paralyzed them. They couldn’t process payments, provide information or other citizen services because their IT system was locked down. The note attached to the SamSam ransomware demanded $51,000 in bitcoin to restore their systems. However, the City of Atlanta spent much more than this trying to recover their data; a whopping $2.7 million! Plus, some services still aren’t up and running.

We’re not sure if they paid the ransom, but it doesn’t look like it went through if they tried. The hackers took down their communications portal, which they would have needed to pay the ransom. Agencies like the FBI tell us not to pay ransoms because it only encourages these criminals to continue hacking us. Plus, paying doesn’t necessarily mean that the thieves will provide the decryption keys to unlock your data.

It would have been so much cheaper to have protected their network beforehand. The City of Atlanta paid $600,000 in emergency data recovery costs after the incident. They could have set up a more secure system throughout all their departments for 10 percent of this. If I were a taxpayer in Atlanta, I’d be pretty angry about this, wouldn’t you?

Unless your organization has $2.7 Million to spare, it’s time to up your IT security.

Government entities are advised to follow the standards mandated by the Federal Information Processing Standards (FIPS) through the Federal Information Security Management Act (FISMA).

FIPS are a set of standards for document processing, encryption algorithms and other information technology standards for use by non-military government agencies, government contractors and vendors who work with them.

The US government’s National Institute of Standards and Technology (NIST) disseminates these standards via their Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, recently published on April 16, 2018.

Had The City of Atlanta followed these standards, they may not have been hacked.

The voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. It’s broken down into five segments:

Identify, Protect, Detect, Respond and Recover

1. Identify: Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.

2. Protect: Develop and implement appropriate safeguards to ensure delivery of critical services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event. Examples of outcome Categories within this Function include Identity Management and Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; and Protective Technology.

3. Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events. Examples of outcome Categories within this Function include: Anomalies and Events; Security Continuous Monitoring; and Detection Processes.

4. Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident. Examples of outcome Categories within this Function include Response Planning; Communications; Analysis; Mitigation; and Improvements.

5. Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact of a cybersecurity incident. Examples of outcome Categories within this Function include Recovery Planning; Improvements; and Communications.

The NIST Framework is a good reference for guidance. PC Help Services can do the rest. The days of using only in-house techs are gone. Your organization requires the up-to-date expertise of IT experts who can keep your data secure.

What Else Can You Do?

6 Steps To Take To Protect Your Organization

Step 1: Ignore Ransomware Threat Popups and Don’t Fall for Phishing Attacks

These threats look like they’re from an official entity like the IRS or FBI. If a screen pops up that says you’ll be fined if you don’t follow their instructions, don’t do what they ask. If you do, the criminal will encrypt all your data and prevent you and your employees from accessing it.

Beware of messages that:

  • Try to solicit your curiosity or trust.
  • Contain a link that you must “check out now”.
  • Contain a downloadable file like a photo, music, document or PDF file.

Don’t believe messages that contain an urgent call to action:

  • With an immediate need to address a problem that requires you to verify information.
  • Urgently asks for your help.
  • Asks you to donate to a charitable cause.
  • Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Be on the lookout for messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Try to start a conflict.

Watch for flags like:

  • Misspellings
  • Typos

Step 2: Always Use Secure Passwords

  • Never use words found in the dictionary or your family names.
  • Never reuse passwords across your various accounts.
  • Never write down your passwords.
  • Consider using a Password Manager (e.g., LastPass or 1Password)
  • Use password complexity (e.g., P@ssword1).
  • Create a unique password for work.
  • Change passwords at least quarterly.
  • Use passwords with 9+ characters.
    • A criminal can crack a 5-character password in 16 minutes.
    • It takes 5 hours to crack a 6-character password.
    • Three days for a 7-character one.
    • Four months for eight characters.
    • 26 years for nine characters.
    • Centuries for 10+ characters.
  • Turn on Two-Factor Authentication if it’s available.

Step 3: Keep Your Passwords Secure

  • Don’t write down passwords.
  • Don’t email them.
  • Don’t include a password in a non-encrypted stored document.
  • Don’t tell anyone your password.
  • Don’t speak your password over the phone.
  • Don’t hint at the format of your password.
  • Don’t use the “Remember Password” feature offered on programs like Internet Explorer, Portfolio Center or others.
  • Don’t use your corporate or network password on an account over the Internet that doesn’t have a secure login where the web browser address starts with “http://” instead of “https://”. If the web address begins with “https://”, then your computer is talking to the website in a secure code that no one can eavesdrop on. There should be a small lock next to the address. If not, don’t type in your password.

If you believe your password may have been breached, you can always change it.

Step 4: Back Up Your Data Onsite/Remotely and Securely

  • Maintain at least three copies of everything.
  • Store all data on at least two types of media.
  • Keep a copy of your data in an alternate location.

If you haven’t backed up your data and you get attacked, it’s gone forever.

Step 5: Secure Open Wi-Fi with a VPN

  • Don’t go to sites that require your personal information like your username or password.
  • Use a VPN whenever possible.
  • Limit your access to using sites that start with “https://”
  • Don’t connect if all the Wi-Fi networks you have ever accessed appear as “Available”.

Step 6: Hire a Reputable IT Company to Conduct Testing and Training

  • Conduct a social engineering test.
  • Share the results with your staff.
  • Debrief and train your users.
  • Test again each year!

Don’t run the risk of getting hit with SamSam or any other form of ransomware. Follow the FIPS and NIST Framework and ask the experts at PC Help Services to help.


Absolutely amazing. Matthew came to the office and worked with the laptop I had tried to fix myself. He listened carefully to what I reported, then worked with it for over an hour. He asked if he could take it back to his office to work with it. I agreed on the basis of a two-hour billable cap. He took it back to his shop, I’m sure spent way more than two hours fixing it, and returned to me a laptop I scarcely recognized–faster, working wireless, updated Cisco VPN software–perfection. In the course of his magic, he was always available to discuss the configuration, asked all the right questions and gave the right answers. He met the deadline I imposed. The service was so impressive that I asked about future availability to deal with a small business network if help was needed. There’s a team of folks ready to help.”

Michael Griffith

Connect With Your Computer Support Team

  • 2810 E 116th St Ste 160 Carmel, IN 46033
  • Weekdays 8AM-5PM
    Saturday 10AM-2PM
    Sunday Closed
  • 317.585_.0500