5 Ways Cities Can Prevent Ransomware

Ransomware has frustrated IT professionals and end-users since the '90s. In recent months, the technique has victimized government organizations.

Ransomware is typically installed on the victim's systems through email. The attacker sends a mass email to an acquired list of addresses. If a person opens the email and clicks the attachment or link, the ransomware infects their computer. From there, the ransomware can duplicate itself and spread to other systems.

[Image: example of the screen that pops up when starting the infected computer]
 

Over 170 governments have fallen victim to ransomware since 2013, according to the American Mayors Association. Large cities like Baltimore and Atlanta were infected and refused to pay. In the end, they spent millions of dollars to rebuild and repair IT systems that were taken offline. Smaller cities in Florida have paid, but are left with a tarnished reputation and less taxpayer money.

Here is a look at recent publicized cases:


| City | Hack Date | Amount | Result |
|---|---|---|---|
| Atlanta, Georgia | March, 2018 | $51,000 | Did not pay and spent millions recovering |
| Jackson County, Georgia | March, 2019 | $400,000 | County agreed to pay $400,000 |
| Baltimore, Maryland | May, 2019 | $76,280 | Did not pay and spent millions recovering |
| Lake City, Florida | June, 2019 | $460,000 | Officials agreed to pay the $460,000 |
| Riviera Beach, Florida | June, 2019 | $600,000 | City Council voted to pay $600,000 |
| La Porte County, Indiana | July, 2019 | $130,000 | County agreed to pay $130,000 |


It is likely that many cases of ransomware go unreported as well.

The decision to pay the hacker or attempt to rebuild is a difficult one. Paying the criminals emboldens and enriches them. Choosing not to pay might cost more in the long run. Some cities like Baltimore have taken a moral stance and vowed never to pay a ransom. There is also the remote possibility that some hijacked systems can be unlocked with the right help.


The methods to stay safe from ransomware are similar to the ways to stay safe from malware and other online malicious criminal activity.

1. Back Up Your Data

Data is the valuable object that makes paying up worth it. If there is no data encrypted, then there is little reason for someone to pay. Backing up data on a regular basis takes the power away from those who have stolen the data. Software and systems might be locked, but the true value is the data.

2. Patch and Update

Hackers break in by taking advantage of systems that have not had recent patches or updates. Regularly patching and updating software takes away these paths to hacking. Testing patches in a sandbox environment before deploying them into the field is a best practice.

3. Security Software

Using security software to stay safe is another important step. Bringing software to bear costs money and often requires skilled personnel to get the most out of it. Endpoint protection software can keep malware from infecting endpoints and spreading. The software will first block ransomware by detecting malicious activity and then disable the malware before damage is done. Firewalls protect networks from unauthorized traffic. Security Information & Event Management (SIEM) software takes all the information and events that happen on a network and analyzes them for malicious activity.

4. Expert Help

Implementing and tying together different systems is possible using three different models:
  1. Use your dedicated and skilled security team in your government agency to take complete ownership.
  2. Outsource the security responsibility to a Managed Security Service Provider (MSSP).
  3. The internal team within the government organization can work with an MSSP to multiply their efforts. By cooperating, the organization has the best of both worlds.

An MSSP also has the ability to monitor logs and data from these systems 24 hours a day from a Security Operations Center (SOC) and handle alerts that occur. If something suspicious occurs, the MSSP can notify the city or act to contain a threat.

 

5. Be Cautious with Emails

People should be extremely cautious with emails from unknown senders. Even known senders can be spoofed, so that criminals appear to be known friends or colleagues. In these situations, avoid clicking links and never open a file from someone you do not trust. The act of opening an attachment or clicking a link is what loads the payload onto the system.


About CIPHER

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of services: Managed Security Services (MSS), Managed Detection and Response (MDR), Cyber Intelligence Services (CIS), Red Team Services (RTS), Governance, Risk and Compliance (GRC) and Cybersecurity Technology Integration (CTI). These services are supported by the Cipher Lab, an elite threat and cyber intelligence research and development lab, and also by five 24x7 Security Operations Centers (SOC).

Cipher is a highly accredited company holding ISO 27001, ISO 22301, ISO 20000, ISO 9001, SOC I, SOC II, PCI QSA, PCI ASV and CREST certifications. The quality of service has led Cipher to win many awards from world-renowned research companies such as Gartner, Frost & Sullivan and Forrester. Clients consist of companies from mid-size enterprises to world-renowned corporations and government agencies, with countless success stories.
