Government agencies are on high alert as ransomware attacks are on the rise. While all organizations are potential targets, the government sector is particularly vulnerable. We’ve seen state, local and municipal agencies’ operations brought to a grinding halt, with attackers aiming to lock up victims’ most valuable data and be as disruptive as possible.
What is ransomware?
Ransomware is a form of malicious code (or malware) that can take control and prevent access to systems or data. Attackers can deliver the malicious code in a variety of different vectors; phishing being one of the most common. Once they have successfully infected their target, they hold the data or systems “for ransom” and typically promise to restore access once the sum of money has been paid.
Ransomware Takes Hold of State and Local Governments
The attack on the city of Atlanta in March of this year is still fresh in many minds, with unforeseen outages on computers used for day-to-day operations and customer-facing applications. The impact was far reaching, with police officers forced to write reports by hand, The Department of Parks and Recreation required to manually review permits and event applications and the Atlanta Municipal Court unable to validate warrants or process ticket payments.
According to The New York Times, the group behind the attack, the SamSam group, is believed to have extorted more than $1 million from approximately 30 target organizations in the first half of 2018 alone. And, this is nothing new. A survey of CIOs in 2016 found that obtaining ransom is the most common motive behind cyberattacks on government and that 32 percent reported experiencing attacks, incidents or breaches as often as once an hour.
Why are Government Agencies a Bullseye for Ransomware Attacks?
Government agencies are attractive targets for ransomware attacks for two main reasons. It’s not necessarily that they are more susceptible, but rather that they are a bigger target. That’s because government networks are public-facing — a requirement to enable individuals to be able to find information, pay fees and submit applications and requests.
Secondly, government agencies cannot afford downtime. Attackers recognize that a government network shutdown could impact public safety and critical community communications. Attackers, such as the SamSam group, have become known for choosing targets that are the most likely to comply with ransom demands — because they seemingly have the most at stake.
Why is ransomware particularly challenging to prevent?
Due to a lack of internal IT resources, limited budgets and lack of formal processes to identify and thwart threats, agencies are often reactive when it comes to cybersecurity — regularly putting out fires rather than shifting to prevention. And even reactive measures and responses aren’t widespread. According to a 2018 report by the Office of Management and Budget, only 30 percent have predictable, enterprise-wide incident response processes in place, meaning that once a threat has been detected, only one in three agencies have some kind of standard procedure for who to tell and what information to share.
Plus, traditional intrusion detection technology and patch management solutions feed into the fire drill mentality, as these conventional endpoint cybersecurity solutions either can’t or don’t stop an attack, but rather attempt to detect or contain a compromise that has already occurred. But by that point, the damage is done — and agencies are scrambling to react.
What’s needed is a new approach to cybersecurity, one focused on prevention, not detection. Download our new white paper, “Guard Government Services from Ransomware Attacks,” to learn how to ditch the fire drills with a zero-trust approach that keeps ransomware, and other advanced threats, at bay.