Ransomware has frustrated IT professionals and end-users since the '90s. In recent months, the technique has victimized government organizations.
Ransomware is typically installed on the victim's systems through email. The attacker sends a mass email to an acquired list of addresses. If a person opens the email and clicks the attachment or link, the ransomware infects their computer. From there, the ransomware can duplicate itself and spread to other systems.
This is an example of the screen that pops up when starting the infected computer:
Over 170 governments have fallen victim to ransomware since 2013, according to the American Mayors Association. Large cities like Baltimore and Atlanta were infected and refused to pay. In the end, they spent millions of dollars to rebuild and repair IT systems that were taken offline. Smaller cities in Florida have paid, but are left with a tarnished reputation and less taxpayer money.
Here is a look at recent publicized cases:
|Location|Date|Ransom demanded|Outcome|
|---|---|---|---|
|Atlanta, Georgia|March, 2018|$51,000|Did not pay and spent millions recovering|
|Jackson County, Georgia|March, 2019|$400,000|County agreed to pay $400,000|
|Baltimore, Maryland|May, 2019|$76,280|Did not pay and spent millions recovering|
|Lake City, Florida|June, 2019|$460,000|Officials agreed to pay the $460,000|
|Riviera Beach, Florida|June, 2019|$600,000|City Council voted to pay $600,000|
|La Porte County, Indiana|July, 2019|$130,000|County agreed to pay $130,000|
It is likely that many cases of ransomware go unreported as well.
The decision to pay the hacker or attempt to rebuild is a difficult one. Paying the criminals emboldens and enriches them. Choosing not to pay might cost more in the long run. Some cities like Baltimore have taken a moral stance and vowed never to pay a ransom. There is also the remote possibility that some hijacked systems can be unlocked with the right help.
The methods to stay safe from ransomware are similar to the ways to stay safe from malware and other online malicious criminal activity.
1. Back Up Your Data
Data is the valuable object that makes paying up worth it. If there is no data encrypted, then there is little reason for someone to pay. Backing up data on a regular basis takes the power away from those who have stolen the data. Software and systems might be locked, but the true value is the data.
2. Patch and Update
Hackers break in by taking advantage of systems that have not had recent patches or updates. Regularly patching and updating software takes away these paths to hacking. Building a sandbox environment to test patches before deploying them into the field is a best practice.
3. Security Software
Using security software to stay safe is another important step. Bringing software to bear costs money and often requires skilled personnel to get the most out of it. Endpoint protection software can ensure that malware does not infect endpoints and spread. The software will first block ransomware by detecting malicious activity and then disable the malware before damage is done. Firewalls protect networks from unauthorized traffic. Security Information & Event Management (SIEM) software takes all the information and events that happen on a network and analyzes them for malicious activity.
4. Expert Help
- Use your dedicated and skilled security team in your government agency to take complete ownership.
- Outsource the security responsibility to a Managed Security Service Provider (MSSP).
- The internal team within the government organization can work with an MSSP to multiply their efforts. By cooperating, the organization has the best of both worlds.
5. Be Cautious with Emails
People should be extremely cautious with emails from unknown senders. Even known senders can be spoofed to make criminals appear like known friends or colleagues. In these situations, avoid clicking links and never open a file from someone you do not trust. The act of opening an attachment or clicking a link is what loads the payload onto the system.