Preventing and responding to ransomware

Ransomware attacks on public institutions are on the rise. In fact, in 2019, many state and local governments, as well as hospitals, were the targets of cybercrime. The result can be a lack of productivity, financial issues and other operational deficiencies and crises for these organizations.  

The fact that these dangerous cyberattacks, and their consequences have been made increasingly public has increased the sensitivity of data security – not only among the population, but especially at the targeted government institutions. A 2019 cybersecurity study found that even if disclosure of such attacks is required by law, some institutions have not reported violations. This suggests that the actual number of attacks is higher than previously thought.

It is high time to act. But many are struggling to implement effective protection measures in order to defend themselves. The reason: they have too little information about the faster and more persistent attack scenarios of hackers.

As is so often the case, the best form of protection is prevention. This means taking appropriate protective measures to stop a cyberattack before it even has a chance to infect computers. For example, government organizations that handle sensitive information should have powerful spam and high-quality firewalls to protect against malicious IP addresses. More security can also be ensured by using up-to-date operating systems and introducing standard processes for attaching operating system patches and updates, as well as recognized anti-virus programs. But beware, it is not enough to simply install and implement these protection measures. Instead, the measures must be continuously tested and optimized to ensure that the data remains protected.

Prepare employees to defend against cybercrime

Phishing attacks that attempt to steal personal data from an email recipient, in particular, remain a concern. Los Angeles County was the target of a phishing attack in late 2019. These cyberattacks are unfortunately on the rise, as employee emails become more vulnerable to hackers. Opening an email attachment of a supposedly harmless email can cause a virus to become active and spread throughout the entire system triggering an attack.

To stop these types of attacks from occurring, education must be central to any prevention strategy. Employees should be made aware of how to protect their computers from a possible attack and how to identify a potentially dangerous email. Hackers constantly re-adjust their attack methods to overcome the latest security technology, so employees must be continuously informed and trained.

Introduce security solutions

The market has a wide variety of security solutions. They cover a wide range of areas, such as intercepting viruses, providing secure passwords, or controlling routes in and out of the cloud. Which of the solutions is appropriate for whom depends on the individual requirements. However, a holistic security strategy should be established before the introduction, on the basis of which the appropriate solutions are then acquired. Care should be taken to ensure that there is no patchwork, but an all-encompassing system that leaves no gaps open because that is what hackers thrive on.

Reduce damage and downtime

Even the best thought out plans sometimes fail. Therefore, if all preventive measures and safety systems fail, ensure that the existing data is as secure as possible and can be reliably restored. This is the only way to ensure that, in the event of a successful cyberattack, minimal damage and downtime occur – a particularly important aspect, as infrastructures or public institutions offer elementary services and have sensitive, personal data that is highly protected.

The backup plan

In the event of an attack, organizations should have a disaster recovery plan that includes certified and recognized backup and disaster recovery software.  Local backup images may be sufficient to protect the data. However, since ransomware is able to encrypt backups, it is recommended to go a step further and replicate the backup images to a cloud system. This ensures that the files are still secure and easy to recover.

Don’t pay under any circumstances

If a public institution is the target of a ransomware attack, it is important to keep calm and don’t pay. The payment of ransom encourages hackers to continue to launch attacks and signals to them how vulnerable an organization is, which can increase the likelihood of further attacks.    

Public administrations, authorities and institutions must be aware of cybercrime. They should do their utmost to protect their systems and data and, in the event of a successful attack, ensure that the public is informed in a targeted and coordinated manner. It is essential to prevent hackers from using such attacks to unsettle the public and to shake confidence in existing social systems and structures.

Shridar Subramanian is the vice president of Global Product Management at StorageCraft.