Ransomware: Illustrating The Need For Effective Threat Sharing

Post written by

Gene Fredriksen

As Chief Information Security Strategist, Gene is responsible for strategies on Pure IT's perspective and stance on cybersecurity.

In the last five years, ransomware attacks have become more common. Consider two well-publicized examples: the Baltimore infection incident in May that cost the city $18 million and, in August, an attack on 23 Texas cities and government agencies that targeted computer systems across the state.

According to a recent study of ransomware attacks, approximately 17% of state and local governments that are attacked end up paying the ransom. That same study found nearly 170 instances of ransomware infecting state and local government networks since 2013. These are all reminders that cities and many other critical sectors are not yet prepared to defend against such attacks.

The malware used in Texas may have been the Ryuk variant, a new type of malware that can hit multiple targets at once. Historically, ransomware executes when the infection takes place. However, this new malware reportedly can be commanded and controlled, giving the attacker a distinct advantage over many current defenses. If true, this is significantly different than previous ransomware campaigns.

Borger, one of the Texas cities affected, reported that even without paying the ransom, it managed to regain some of the disabled functions, though others remained offline.

The FBI has gone on record recommending against paying ransoms. Similarly, the United States Conference of Mayors passed a resolution against paying ransoms. But in reality, when you are hacked and have little hope of recovering your data from backups, paying the ransom may become a viable option.

Successful campaigns against municipalities not only encourage attackers; they also allow criminals to refine their approach, fine-tuning it to attack more government and nongovernment entities. As a result, we must all share threats, lessons and defense strategies, not just within our own sectors, but across sectors to strategically plan and closely monitor security investments.

Here are several considerations to keep in mind:

• Do you know the location of your “corporate jewels” and their value? Once you have your most valuable assets identified, you can complete a risk assessment to identify the most critical risk factors related to ransomware and data loss.

• Look at protection activities from a business continuity viewpoint. Consider the impact if you were suddenly faced with the loss of your critical data. How would you adapt and overcome the encryption of your operational data? Do you have the funds to respond?

• Whether you recover or pay the ransom, the security efforts must be supported by an approved budget and programs. Leaders must understand and monitor the strategies that can quickly identify and respond to cyber risks.

• Reach out to threat sharing organizations within your own sector, such as Information Sharing and Analysis Organizations (ISAOs). There is a multitude of ISAOs covering state, local, ports, finance, etc., all focused on sharing actionable threat information with members.

• While some big industries and statewide operations are getting better at threat sharing, the same cannot always be said for smaller municipalities and local government agencies. I believe we will continue to see these become more frequent targets of ransomware criminals. One of the best ways to learn is through talking to peers who have just lived through cyber ransom events. Committing those lessons to a FAQ or other document is critical to sharing experiences and preserving those learning experiences.

Today, government employees, the public and all stakeholders must be actively involved in anticipating, preventing and responding to cyberattacks. Collaboration and teamwork will ensure government agencies and industries deliver on their missions to protect citizens and provide services, respectively.

So far, there have been no reports of the Texas victims paying ransom. Some of these cities may have comparatively fewer online services — or more robust recovery plans. The one thing we do know is that the attacks on similar targets will continue to escalate. The tools are getting better, and the attackers are getting smarter. We should all expect ransomware attacks to continue to escalate.

It is time to focus on building a united front against ransomware in all sectors. Threats and attacks will likely become more frequent and damaging. We must learn to be as effective at sharing information if we want to avoid becoming victims.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

As Chief Information Security Strategist, Gene is responsible for strategies on PSCU’s perspective and stance on cybersecurity.