Your Ransomware Survival Guide

Ransomware attacks are growing in the public sector. You may have heard the stories of local governments that have been hit and have spent from $500,000 (Lake City, FL), to more than $18 Million (Baltimore, MD) to free their data and get back to business as usual.

“More than 20 local municipalities, cities, counties, and state governments have been hit this year that we know of,” Information Security Consultant Ron Bush noted in this GovTech article. “Ransomware attacks have been growing. From a hacker’s perspective, there’s very little risk.”

According to Forbes.com, “Deliberate information technology disruption is considered a top risk to all organizations both in terms of likelihood and potential impact.”  For local governments in particular, paying ransom can create budget crises that directly impact residents and communities.

To prevent the catastrophic losses that can accompany a ransomware attack, local governments must be equipped to:

1. Understand ransomware and how attacks work

If you know what to look for, it is possible to identify an infection before encryption even starts. The stages of a typical ransomware attack include: a campaign, such as a phishing email; infection, where the malicious code is downloaded and begins to run; staging, when the attacker “owns” the system; scanning, as the malware searches for files to encrypt; actual encryption; and, finally, pay day, when the attacker demands payment.

2. Defend against attacks

There is no silver bullet for protecting your organization from a ransomware attack, however, there are steps you can take to improve your defenses and resilience. These include efforts around:

• People: Invest in cybersecurity awareness training and routinely track the training program’s success.
• Processes: Make sure your systems are up to date with patches, multi-factor authentication, and “air-gapped” backup.
• Technology: Use managed threat detection to proactively hunt for threats, block outbound traffic by GeoIP, use software restriction, and segregate critical services via firewalls.

3. Respond effectively if attacked

Preparation and practice are the secrets to success. If you are comprised, you can recover quickly with little or no damage if you are prepared operationally and technically. Design, for example, an “air-gap” backup strategy, and create and practice an incident response testing plan. Ensure your Business Impact Analysis and recovery procedures are up to date and be prepared to do business off-line. Finally, conduct external penetration tests and perform backup recovery regularly.

“Ransomware is opportunistic in nature,” said Rick Simonds, general manager and vice president of Tyler Cybersecurity. “As ransomware continues to evolve, government agencies must be educated, prepared, and agile to protect themselves and their communities.”