New York Takes Bold Steps to Tackle Ransomware

When it comes to robbers grabbing hostages, the idea that an organization’s data might be the thieves’ potential target is becoming the norm for many states. Ransomware, a form of cybercrime in which malicious actors infect a computer system or network with malware and hold data or the system hostage in exchange for payment, is on the rise — and state and local leaders are taking notice.

The state of New York, however, is ready to fight, with Sen. Chuck Schumer leading the call to arms. In an attempt to unite state and federal agency resources, Schumer, a three-term Democrat, has proposed a Cybersecurity National Action Plan, reports Government Technology.

Schumer is particularly focused on the problem because several towns and localities in New York have been hit by ransomware attacks.

In Ilion, N.Y., the town’s leaders were forced to pay $800 to hackers to regain control of their IT systems. Manlius, N.Y, was similarly attacked, but unlike Ilion, the town’s IT team successfully prevented the hostile takeover, according to GovTech.

“Our country’s critical infrastructure is still far too vulnerable to hackers, and we must do more — and fast — to ward off this metastasizing threat,” said Schumer. “Russia’s recent ransomware hacks against municipalities and businesses in upstate New York mean those in our small towns and villages are being forced to pay a big price.”

Fighting Back Against Ransomware Attacks

When state and local agencies are hijacked by outsiders, what are the best ways to fight back?

The most natural response is to refuse to give in to the hijackers demands, but in some cases, the data is worth paying for. For example, the Dickson County Sheriff’s Office in Tennessee faced a difficult situation in 2014 when ransomware infected the department’s report management system, StateTech reported at the time. The department was notified by the hackers through a message on officers’ computer screens that it needed to pay a $572 ransom if they ever wanted to see their data.

“My first response is, we are not going to be held hostage. We are not going to pay a fee to get our records back. But once it was determined which records were involved and that they were crucial to victims of crimes in this county, and to the operations of the sheriff’s office and the citizens of this county … I had no choice but to authorize to pay this,” said Sheriff Jeff Bledsoe in an interview with The Tennessean.

James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, advised state and local leaders to build layered defenses into their security strategies to defend against ransomware threats, in a StateTech story earlier this year.

Organizations should also establish policies and procedures to ensure that all computer systems are set up properly with anti-virus and anti-malware software and are connected to user-behavior analytics systems to monitor users.

Agencies should make sure they create layered security systems. That involves whitelisting certain traffic for firewalls and also explicitly denying traffic from sources like TOR and I2P (which let users surf the web and send data anonymously).

Additionally, Joyce Starosciak, IT manager for the Sacramento Regional Fire/EMS Communications Center in California, advised state IT leaders to educate users on the social engineering tricks that are often deployed to ensare unsuspecting victims, in a 2014 StateTech guest column.

“Continue to warn staff not to open email that looks suspicious. Spoofing usually takes the form of email from a source that seems reputable,” wrote Starosciak. “Train new workers and remind experienced ones not to click on links that may be malicious.”