Building Resiliency Against Government Ransomware Threats
Attacks on government agencies in the USA affected around 173 million people and resulted in damages of approximately $52.88 billion. Implementing a cloud-based disaster recovery solution can enable government organizations to fail over to a secure cloud and continue providing services to people.
Ransomware attacks are on the rise, and the threat to government organizations is growing.
Even before COVID-19 hit, there were 246 ransomware attacks carried out against government entities in the US alone from 2018 to 2020. An NPR article stated that the 2019 cyberattack on Baltimore's government organizations was "only one of over 20 made on municipalities this year — and cybersecurity experts said it likely would take months for the city to recover."
Unlike large corporations and small organizations, government agencies did not take precautions after the Target incident in 2013. Now more than ever, government agencies are rapidly expanding their use of services and technologies that rely on Internet connectivity, and they are often doing so without properly protecting their sensitive data.
This opens new attack vectors for cybercriminals and hostile governments. Cybercriminals see ransomware as a promising additional revenue stream, which raises the stakes.
Challenges to Government Organizations in Combating Cyber Attacks
Government agencies face several challenges in combating cyberattacks, which are often ignored because of time constraints or a lack of awareness, such as:
- Maintaining the integrity of the organization's systems, software, and data in the face of documented and advanced persistent threats.
- Identifying, reacting to, and correcting vulnerabilities without unnecessary complexity (e.g., extra tools and agents).
- Controlling cost while preparing for attacks.
- Understanding the security of workloads, clouds, networks, and endpoints.
Without a thorough understanding of their endpoints, network access, and servers, state and local government agencies cannot detect ransomware in its early stages or isolate compromised hosts in a timely manner. While most organizations would benefit from investing more in ransomware detection and prevention, they simply do not receive the funding (again, a lack of awareness) or the resources from higher authorities to do so.
What countermeasures can departments take to prevent further ransomware attacks on the government? How can vulnerable local governments like those in smaller towns and areas where funds are usually tight take precautions?
Governments, enforcement agencies, and regulators must remain resilient by prioritizing ransomware awareness, preparation, response, and recovery while struggling with challenges like accountability and data privacy.
The decision to pay a ransom or not could depend on whether a government agency masters the essentials of these four strategies and then continues to develop higher levels of cyber maturity. This creates a resilient environment where attacks may still happen but do not have the same effect as they would otherwise.
Four Ways for Building Resilience Against Government Ransomware Threats
The highest ransom paid in the past two years was $592,000. On May 29, 2019, a phishing email led to the encryption of city archives in Riviera Beach, Florida, and shut down the city's email, digital payroll, and 911 services. Educating government workers on the newest developments and encouraging them to exercise caution with the websites they visit and the emails they open should remain a top priority.
Reports from Coveware for the last quarter of 2020 and the first quarter of 2021 show that phishing emails and Remote Desktop Protocol (RDP) compromises account for 75% of all ransomware attacks.
Best practices to prevent ransomware attacks:
- Multi-factor authentication is highly recommended for both high-risk users and sensitive assets. This strategy can be a formidable obstacle to the credential-based and privilege-escalation attacks that ransomware operators rely on.
- Due to COVID-19, more people are working remotely, which can pose security risks because of the insecure nature of many home networks. Reducing the risks associated with remote desktop connections should be the top priority.
- Education and training for government employees on how to stay safe online should be required. To further reduce risks, it is important to make some simple changes and be aware of where and how dangers can penetrate.
- Authenticate incoming emails to stop email spoofing and enable robust spam filters to stop phishing emails from hitting the inbox.
Detecting the Threat
Use intelligence in the early phases of an attack to figure out who is responsible, how they gained access, how long they were able to remain persistent, and how they finally triggered the ransomware. Such information can help with decryption and negotiation and with assessing the severity of the threat.
There is no way to prevent a ransomware attack with one hundred percent assurance, because ransomware keys, algorithms, and infiltration techniques are constantly evolving. However, IT administrators can deploy automated methods to catch ransomware in its early phases.
Some software solutions use artificial intelligence and machine learning to detect suspicious behaviors, such as files being encrypted in unusual ways, and notify administrators about infections before they spread further.
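As an added example (not from the original article), this small Python detector shows the kind of behavioral check such a tool performs: it scores file writes by byte entropy, then flags any process that writes many high-entropy files within a short window. The file-write events, process names, paths and thresholds are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample of file-write events: (timestamp_s, process, path, first_bytes).
# Real telemetry would come from an EDR or file-system audit feed (assumption).
SAMPLE_EVENTS = [
    (0.0, "winword.exe", r"C:\Users\clerk\report.docx", b"PK\x03\x04" + b"A" * 60),
    (1.0, "notepad.exe", r"C:\Users\clerk\notes.txt", b"meeting at 10, bring the forms " * 3),
] + [
    # A constructed rogue process rewriting 30 documents in under three seconds;
    # each sample is a permutation of all 256 byte values, i.e. 8.0 bits/byte.
    (5.0 + i * 0.1, "unknown_updater.exe", rf"C:\Users\clerk\Documents\file{i}.pdf",
     bytes((i * 37 + j * 25) % 256 for j in range(256)))
    for i in range(30)
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted/compressed data, ~4-5 for plain text."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def detect_encryption_bursts(events, window_s=10.0, min_files=20, entropy_threshold=7.0):
    """Return the processes that wrote >= min_files high-entropy files inside any
    sliding window of window_s seconds; a legitimate editor saving one file never
    trips this, while bulk encryption of a document folder does."""
    high_entropy_writes = defaultdict(list)
    for ts, proc, _path, data in events:
        if shannon_entropy(data) >= entropy_threshold:
            high_entropy_writes[proc].append(ts)
    alerts = []
    for proc, stamps in high_entropy_writes.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window_s:  # shrink window from the left
                start += 1
            if end - start + 1 >= min_files:
                alerts.append(proc)
                break
    return alerts


if __name__ == "__main__":
    for proc in detect_encryption_bursts(SAMPLE_EVENTS):
        print(f"ALERT: {proc} is bulk-writing high-entropy files; isolate the host")
```

In production the same check would run continuously on audit events and trigger host isolation rather than a print, and the thresholds would be tuned against a baseline of normal activity.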
Backup and Recovery
Restoring from a clean backup is the only way to regain access to encrypted files after a ransomware attack without paying the demanded sum. It is critical to have a backup solution that incorporates ransomware protection, because without it, ransomware can encrypt the backup files as well.
Implementing a cloud-based disaster recovery solution can enable government organizations to fail over to a secure cloud and continue providing services to people, even if it takes some time to restore services on-premises. This is especially useful for time-sensitive or essential government functions.
Test the process
What good is a backup if it cannot be restored when needed? Only backups that restore data within industry-standard Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) should be trusted. You need to test restores in advance to be confident that the backup will return data according to your needs.
IT departments in local, regional, and public bodies, all of which are often short on resources, need security solutions that shrink the attack surface and allow for prompt remediation, investigation, and recovery from ransomware attacks. However, many of these solutions are too complicated, too difficult to deploy and manage, or, worse, lack essential functionality.
Cooperating with a service provider or comparable entity that provides tailored Disaster Recovery and Business Continuity Plans (DR/BCP) is another option for reducing the effects of ransomware attacks on local, state, or federal governments.