Right now, no one is safe from ransomware attacks; this is especially true for government entities, with strikes on this segment becoming unnervingly common.
You probably heard on the news this week that 23 local government agencies in Texas were targeted in a ransomware attack. While the number of confirmed entities has since been reduced to 22, it is still one of the largest coordinated ransomware attacks that we’ve seen.
According to the Texas Department of Information
Resources (DIR) website, "evidence continues to point to a single threat actor", meaning that this attack was skillfully planned, and was highly organized. At this point, it's still too early to know how much of an impact it will have on those (currently unlisted) 22 entities, but it is safe to say that this attack will haunt them for the foreseeable future.
“It’s important to distinguish between an attack and a payout. Most, if not all, organizations experience attacks on a regular basis, but only those that plan for these events can successfully avoid making the hard decision between paying out or rebuilding”, says Frankie Majowich, VP of Technology at DSM.
Below are just 4 additional examples (out of many) that have caused governments to pay, one way or another, so far in 2019:
Organization: Lake City, FL
Date: June 2019
Apparent Cause: Reportedly due to an employee clicking on an email link containing malware.
Payout: Lake City reportedly paid hackers $460,000 to gain control once again over their email and seized servers.
Organization: Riviera Beach, FL
Date: May 2019
Apparent Cause: Reportedly also due to an employee clicking on an email link containing malware.
Payout: Riviera Beach, FL (a city of only 35,000) ended up paying hackers $592,000 believing they had “no choice” due to the hackers paralyzing the city’s computers.
Apparent Cause: Exact cause not publicly available.
Payout: Hackers responsible for the attack on Baltimore initially demanded $76,000, but Baltimore refused to pay up and has instead put more than $18 million into fixing the situation and following the guidelines of experts and law enforcement.
Organization: Jackson County, FL
Date: March 2019
Apparent Cause: Not publicly available.
Payout: County officials hired a cyber security consultant and negotiated with the hackers, leaving them with a payout of $400,000 to re-gain access to their files. County Manager Kevin Poe said, "we had to make a determination on whether to pay," Poe said. "We could have literally been down months and months and spent as much or more money trying to get our system rebuilt."
Ransomware has very clearly become an epidemic that has affected organizations of all sizes, but most recently it's important to note that there has been a significant increase in attacks on government entities. Liron Barak, CEO of cyber-security firm BitDam, said local government attacks are profitable for hackers. “In addition to the regular ‘hacker’s benefits’ of gaining access to customer data, an attacker who penetrates a city’s system may get access to sensitive resident information,” she said.
“Depending on the IT structure of the targeted local government, hackers can have an impact on multiple systems, beyond just customer information databases. From an attacker’s perspective, the potential in hacking a city is much higher than the potential in hacking a commercial organization.”
Ransomware attacks show no signs of slowing down, so protection is the only means of prevention. With hackers “generally going for low-hanging fruit,” according to Peter Mackenzie, Global Malware Escalations Manager at Sophos, it’s imperative to not be an easy target.
So, what can be done?
8 Ways to Protect Your Organization from Ransomware
1. Educate employees
According to a Help Net Security survey, over 30% of workers are not familiar with ransomware, and clicking on suspicious links can unleash malware across the whole network (as we saw with the Lake City and Riviera Beach attacks).
2. Employ content scanning and filters
Don’t rely on a “human firewall.” A scanner or filter on mail servers will check for known threats within inbound emails and block any attachments that could be dangerous.
3. Install antivirus
Ensure AV is current across all endpoints. It’s not impenetrable, as malware is always evolving, but it is a solid first line of defense.
4. Update regularly
Regular updates help maintain the integrity of your systems and install patches that eliminate weaknesses that malware aims to exploit. Patches were largely responsible for stopping further damage from the Meltdown and Spectre bugs in early 2018.
A daily back-up of important data gives attackers a lot less leverage; rather than pay up, victims can restore previously saved data with minimal loss (learn about the 3-2-1 backup strategy).
6. Restrict privileges
Not every employee needs access to everything; they only need to be able to perform their work-related tasks.
7. Purchase cyber insurance
These policies generally cover your business’ liability for breaches involving customer information such as Social Security, credit card, and driver’s license numbers, in addition to health information.
8. Work with a cloud services provider
Managing IT can be a burden, especially for small and mid-size organizations. A reputable managed cloud services provider can help maintain and monitor the security of your data and assist in recovery in the event of an attack or breach.
With a ransomware attack expected to happen every 14 seconds by the end of 2019 (costing organizations millions), protection has never been more critical. Wouldn’t it be nice to have peace of mind knowing that your data is protected?
When you partner with DSM, you can achieve that peace of mind knowing your data won’t be held ransom by an unsavory threat actor. If you want to learn more about how we can safeguard your data, AND your wallet, speak with the experts at DSM today. As your safest journey to the cloud, we’re here to help.