A quick scan of the headlines reveals that ransomware seems to be everywhere and is not slowing down its march into the computers and networks of state and local agencies. Over the past few weeks, the city of Lodi, Calif., the Georgia Department of Public Safety and the Lincoln County Sheriff’s Office in North Carolina all confirmed that they were victims of ransomware attacks.
There have been nearly 200 publicly acknowledged ransomware attacks against state and local governments since late 2013, and the pace of incidents shows no sign of easing.
The recent spate of attacks, which has hit a long list of targets from Baltimore to the Port of San Diego, has raised alarms inside four leading government technology organizations. They, in turn, are warning state and local agencies that they need to step up their cybersecurity defenses to combat ransomware, in which attackers seize control of digital assets and hold them hostage in exchange for payment.
“The growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries. Prevention is the most effective defense against ransomware,” notes a statement issued in late July from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Multi-State Information Sharing and Analysis Center, the National Governors Association and the National Association of State Chief Information Officers.
The organizations say they “are committed to supporting ransomware victims and encouraging all levels of government to proactively protect their networks against the threat of a ransomware attack.”
How to Beat Back Ransomware Attacks
In the statement, the groups called on state, local, territorial and tribal government partners to put efforts into backing up data, refocusing on basic cybersecurity awareness and hygiene, and updating incident response plans.
Agencies should back up their data right now and on a daily basis, the statement urges.
“Immediately and regularly back up all critical agency and system configuration information on a separate device and store the back-ups offline, verifying their integrity and restoration process,” the groups say. “If recovering after an attack, restore a stronger system than you lost, fully patched and updated to the latest version.”
Additionally, agencies need to ensure that their employees have higher levels of cybersecurity awareness and education. “Ransomware attacks often require the human element to succeed,” the groups note. “Refresh employee training on recognizing cyber threats, phishing and suspicious links — the most common vectors for ransomware attacks.”
The groups also note that agency IT leaders should “remind employees of how to report incidents to appropriate IT staff in a timely manner, which should include out-of-band communication paths.”
Finally, agencies need to revisit and refine cybersecurity incident response plans. Agencies “must have a clear plan to address attacks when they occur, including when internal capabilities are overwhelmed. Make sure response plans include how to request assistance from external cyber first responders, such as state agencies, CISA and the MS-ISAC, in the event of an attack.”