Protecting your state and local government against ransomware attacks

Security researchers have repeatedly warned the public sector about their data vulnerabilities. Yet they continue to get hammered by cyberattacks launched by hackers demanding ransom for their hijacked systems. A few recent attacks making headlines: Lake City, Fla., a community of about 12,000 people, paid roughly $462,000 in bitcoins following a ransomware attack. This follows up well-publicized attacks of the city of Baltimore, which has been repeatedly victimized within the past year by ransomware attackers losing roughly $18 million in IT costs and lost revenue, or officials of Riviera Beach, Fla., who paid $600,000 in ransom to hackers who crippled their computer systems.

Think these are isolated cases? Think again. Ransomware attacks are a growing problem only expected to get worse.

Ransomware attacks occur daily, as attackers find vulnerabilities in government systems, usually by sending malicious email attachments. Armed with these cyberweapons, attackers lock up valuable data and demand payments in return for decryption keys. Given the relative ease to compromise systems and knowing how desperate entities are to get their data back, hackers today are commanding increasingly higher ransom price tags. While the Federal Bureau of Investigation (FBI) urges organizations not to pay ransom, many feel they have no alternative. Yet 40 percent of victims who paid ransom didn’t get their data back, according to a 2018 global survey by CyberEdge, meaning proactive network protection takes even greater priority.

What makes state and local governments so vulnerable? Outdated security systems, legacy equipment and insufficient data backup are common culprits, as well as a cybersecurity talent shortage, which is impacting both public and private sectors. Despite these challenges, understanding current threats is critical in defending your network. Here are some keys in determining whether your organization is at risk, and how to prevent an attack.

• Conduct a cybersecurity risk assessment. Risk assessments provide a thorough threat analysis to determine where the most impactful avenues of attack might be and tests for specific vulnerabilities in those priority areas. Assess your organization’s ability to prevent initial compromise of malware, stop lateral movement, detect infections, and respond to malware threats.
• Perform a perimeter penetration assessment. What does a breach look like? Test to determine specific threat scenarios and threat actors that can impact your organization to determine how far a malicious actor can go. Restricting lateral movement is critical to your cybersecurity strategy.
• Develop a remediation roadmap to outline the top objectives from your security assessment. Your plan should strengthen your security posture to include clearly identified steps to achieve specific objectives in key areas. These areas may include general security controls and policy review, network security controls, Windows platform assessments, privileged account access, vulnerability management processes, management of mobile devices, investigation, blocking, and response capabilities, and user awareness training.
• If you have security tools in place, evaluate the effectiveness of those products and make sure they work well together.
• Assess your security tool inventory to identify redundant or unused products, evaluate security architecture to understand proper product placement in the organization, and identify pain points with current security products. In addition, conduct a cost analysis of your security product inventory to ensure you are getting what paid for.

Ransomware attacks are not going away. Taking proactive steps can help stave off an attack, protecting your vital data in the process, and potentially saving your organization millions of dollars.

Callie Guenther is a CyberSOC Data Scientist at Critical Start, a provider of Managed Detection and Response (MDR) services. Callie’s expertise in the application of data science to the cybersecurity space has helped government agencies, non-profit organizations, and the private sector prepare against cyber attacks.