Oct 10 2019

As Ransomware Attacks Loom, Preparation Is Critical for Municipalities

By training personnel and upgrading security, local governments can mitigate aggressive viruses.

Earlier this year, two Florida cities, Riviera Beach and Lake City, were forced to pay a combined total of more than $1.1 million when it became clear after several weeks that there was just no way to recover from a ransomware attack without paying to unlock their data. 

In addition to shelling out $600,000, Riviera Beach also invested $941,000 for new desktops, laptops and other hardware to rebuild its IT infrastructure as a result of the attack. Previously, Riviera Beach Interim IT Manager Justin Williams received authorization to spend roughly $800,000 on a new security system after warning the city council in February that the old system was outdated and susceptible to ransomware and other threats, The Palm Beach Post reports.

With all of the upgrades after the ransomware attack in May, Riviera Beach is now in a better position to defend against a ransomware attack. “Prevention is a word we have to be careful with. It’s more accurate to talk about managing risk,” says Kelvin Coleman, executive director of the National Cyber Security Alliance.

With this in mind, experts recommend local governments train personnel and fortify technology to mitigate from these types of attacks — without shelling out ransom money.

SUBSCRIBE: Become an Insider and get curated cybersecurity news, tactics and analysis — for free.

Education and Awareness Is Key to Preventing Cyberattacks

One of the biggest risks municipalities and other organizations face has nothing to do with the technology and practices that are in place.

“You can put in the most sophisticated product and implement the most amazing processes, but you still have people you have to train on those products and processes,” Coleman says. “The first thing you need to look at is employee education, being able to make sure your folks have been properly trained on what to look for, things that are out of place.”

That education and awareness should also take the form of drills or simulations such as those undertaken to prepare for fire or other emergency situations, something Coleman says is sorely lacking in the field.

“We’re being hit millions, if not billions of times a day at the local government level, every single day, every single hour. It’s amazing that we don’t have more training that focuses on this,” he says.

There should also be a focus on how personal devices are allowed to interact with municipal networks, which should be governed by a strong BYOD policy.

“We’re in such an era of continuous connectivity that part of our brain says, ‘What I do for work is on one part of my device and what I do personally is on another side,’” Coleman says. “The problem is that it all interacts together, and what you do on your device has consequences for everyone. That’s where education and awareness come in.”

Malware Defenses Must Get More Sophisticated

Barracuda Networks identified at least 70 municipalities attacked by ransomware in 2019. In a blog post, Barracuda identified Ryuk, SamSam, LockerGoga, and RobbinHood ransomware packages as being used frequently in campaigns against governments.

“The team’s recent analysis of hundreds of attacks across a broad set of targets revealed that government organizations are the intended victims of nearly two-thirds of all ransomware attacks,” Barracuda CTO Fleming Shi says. “Local, county, and state governments have all been targets, including schools, libraries, courts, and other entities.”

Hackers are constantly using more and more sophisticated tools and tricks to seek out vulnerabilities they can exploit to gain access to networks. In the case of Riviera Beach, a city employee opened a malicious attachment on an email, exposing a vulnerable system to attack. 

“For emails with malicious documents attached, both static and dynamic analysis can pick up on indicators that the document is trying to download and run an executable, which no document should ever be doing. The URL for the executable can often be flagged using heuristics or threat intelligence systems. Obfuscation detected by static analysis can also indicate whether a document may be suspicious,” Barracuda prescribes.

When your data is locked and you have no way to replace or restore it, that’s when reality sets in; by then, Coleman says, the wake-up call has come too late. 

“You get religion real quick. When you bring that home to municipal leaders at the local level, they begin to understand that education and training part because bad actors are using everything from emails with malware and unsolicited phone calls to get information, or text messaging,” he says. “Phishers will try any trick to get employees to install malware or to gain intelligence, so that awareness piece is so very important.”

metamorworks/Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT