How Government Agencies Should Update Their Ransomware Recovery Strategy
Ransomware, also known as ransom malware, is a form of malware that prevents end users from accessing their system and data without paying a ransom to hackers. In other words, the victim needs to pay a ransom in order to receive the decryption key for their files and systems. The first type of ransomware was detected in the late 1980s. Today, ransomware cyber criminals often demand payment in the form of either a credit card or cryptocurrency. In 2018, there were an estimated 184 million ransomware attacks. According to the FBI’s 2017 Internet Crime Complaint Center (IC3) data, victims reported a cost of $2.3 million in ransomware payments.
Ransomware has now been around for several decades, but the techniques for spreading the malware – and avoiding detection – have become much more sophisticated in our digital age. For instance, some attackers may even use crypters to thwart the possibility of reverse-engineering. Furthermore, the use of offline encryption methods is becoming increasingly popular with cyber criminals. With offline encryption, they don’t need Command and Control (C2) communications.
Since ransomware is so profitable for hackers, it has become one of the most significant threats facing government agencies’ digital networks and systems. Since 2013, at least 170 city, county, or state government systems have been attacked – this number includes around 45 sheriff’s and police offices. An effective ransomware attack can cripple a government agency, as in the case of the May 7 ransomware attack against Baltimore’s city government. For Baltimore, essential city services such as closing home sales and receiving permits were unavailable until the ransom was paid.
Although ransomware attackers usually target individuals, government agencies pay up to 10 times more to regain access to their files. The average ransomware payment for all victims was around $36,295. In contrast, the average payment for a government agency was around $338,700. Perhaps this is one critical reason why cyber criminals continue to up the ante when it comes to hijacking government systems with ransomware. The future requires proactive cybersecurity measures. So, what can your agency do? Keep reading to learn more.
Why Are Ransomware Attacks on the Rise?
In 2017, ransomware payments exceeded $2 billion – and that number continues to go up. In fact, the average ransomware demand rose 266 percent from 2016. As government agencies continue to grow – along with tax revenue – so will the financial expectations from ransomware attackers.
Yet, the rise in attacks against government agencies can also be attributed to a type of malware called Ryuk. In June 2019, the attacks on Lake City and Riviera Beach, Florida, scored Ryuk hackers an estimated $1.1 million. Many government agencies are considered “soft targets” since they have limited funding to replace legacy hardware systems and software applications.
Not to mention, many government IT departments are distinctly understaffed. It has also been discovered that many major cities run many of their municipal applications on expired versions of Microsoft Windows. As you can see, government IT security is lacking in many areas.
Atlanta Mayor Keisha Lance Bottoms conveyed to Congress that, since March 2018, the city has already paid $7.2 million to ransomware attackers. According to Atlanta officials, the overall cost could reach $17 million. In addition, years of police records are now lost and unrecoverable. While the FBI advises against paying ransomware attackers, many of these cities are left paralyzed without access to their files and systems.
A Europol report stated it plainly: “Ransomware has eclipsed most other cyberthreats with global campaigns indiscriminately affecting victims across multiple industries in both the public and private sectors. Some attacks have targeted and affected critical national infrastructures at levels that could endanger lives. These attacks have highlighted how connectivity, poor digital hygiene standards and security practices can allow such a threat to quickly spread and expand the attack vector.”
After the mid-2000s, attacks became much more prominent and much more sophisticated. Moreover, cyber criminals have tended to favor well-known ransomware such as CryptoWall, TeslaCrypt, and Locky. To illustrate, the use of CryptoWall has generated over $320 million in payments to cyber criminals.
With all of this money on the line, and the current state of many government IT systems, it seems the criminals are winning. It only takes a few attacks to provide attackers with substantial sums and motivation. The one silver lining is that while ransomware attacks are on the rise – and even spreading to school districts – government agencies are also now taking notice and becoming much more aware of their vulnerabilities. It’s past time to revamp government IT security.
Are Your Systems Vulnerable?
How often does your business back up its data — every day, week, month, annually or never? Backing up your data regularly is the backbone of any backup and disaster recovery service. Doing this task will give you peace of mind in the event of a critical application or file getting deleted or compromised. In the event of a disaster, you’ll have access to your data in a matter of minutes.
Ransomware attacks are usually opportunistic in nature. For example, hackers may exploit long-expired versions of Microsoft Windows to infect computers. These are malicious criminals who look for security issues, or vulnerabilities, in your system to use for their financial benefit. Because many government agencies do not have the resources to implement sophisticated cybersecurity protocols, they are often the most vulnerable to ransomware attacks.
Plus, due to tight regulations, it’s difficult for government IT to simply deploy new software. Nonetheless, many government agencies have irreplaceable data and provide services that rely on continuity. Here’s how to tell if your agency is at risk:
- Your applications are running on outdated/expired versions of Microsoft Windows.
- You don’t have sufficient cybersecurity policies and protocols in place.
- Your IT department is understaffed.
- You have poor access management.
- You do not protect, or monitor, your network efficiently.
- You do not comprehensively train your employees on how to deal with suspicious links, websites, and emails.
The good news is there are steps you can take to help protect against future ransomware attacks.
Protect Your Agency: Here’s How
There are many ways you can start protecting your agency, right now, against the threat of a ransomware attack. For starters, it is critical to ensure you are using the latest version of Microsoft Windows and that all security patches have been deployed.
Next, you must perform regular backups of all your data. Hackers locking your data will not be as significant if you have copies elsewhere. Then, you should scan all suspicious emails, links, and websites. Also, it’s vital to ensure all of your anti-virus programs are updated and working consistently. Educate your employees on the trends in ransomware attacks and how to identify malicious links, emails, texts, and websites.
In addition, all incoming and outbound network traffic must be monitored. Access to sensitive files and systems should be limited and monitored, as well. Also, upgrade all your security technologies. If this level of required IT management has become overwhelming, then it is time to outsource several levels of your IT department.
In the future, criminals will have the means to carry out large attacks demanding record-breaking sums. Other developing threats include ransomware-as-a-service and mobile ransomware. The sooner government IT becomes more proactive against encroaching ransomware attacks, the better you will be at keeping your systems and data secure.
Protecting your agency against ransomware attacks is a never-ending process. It requires vigilance, the right intelligence, and an implementation of the right cybersecurity measures. It is also important to partner with an expert IT resource to ensure that you are no longer exposed to these dangerous – and costly – ransomware attacks.