Nov 07 2023

How States and Localities Can Fight Back Against Ransomware Attacks

Here are several specific actions that government agencies can take to foster zero trust.

In the fight against cybercriminals, media and public attention is focused most often on the federal government’s efforts to secure the nation’s critical infrastructure against ransomware and other attacks.

But a less noticed target is equally if not more vulnerable: cities, states, municipalities and other public entities. A rash of ransomware attacks against city governments, from Dallas to Lowell, Mass., reinforces the notion that localities are attractive targets for cybercriminals seeking easy payouts or valuable, easily sold information.

Research from Zscaler ThreatLabz shows that ransomware attacks increased nationally by more than 37 percent between April 2022 and April 2023, with cybercriminals becoming increasingly sophisticated in their use of phishing and social engineering.

The Zscaler report warned that ransomware gangs are expected to increasingly target cities, states and municipalities due to their low security posture, with attacks that “often significantly disrupt important public services and expose large caches of sensitive information, including PII, financial data, private records and much more.”

A Federal Proposal Calls for Working with States and Localities

In response, IT leaders can do a lot. Through four key steps — preventing initial compromise, stopping compromised users and initial threats, eliminating lateral movement by minimizing attack surfaces, and preventing data loss — state and local agencies can protect against and mitigate the harm from ransomware.

The combination of offense and defense reflects federal guidance, where the Biden administration and lawmakers are facing a darkening cyberthreat landscape.

In its recent National Cybersecurity Strategy and implementation plan, the White House called for a multipronged approach to tackling ransomware threats, directing federal agencies with guidance and timelines to improve cyber resiliency in the face of evolving tactics.

On Capitol Hill, lawmakers recently introduced the Cybersecurity Awareness Act, a bipartisan bill to equip the most frequent targets of ransomware attacks, as well as underserved communities across the country, with critical access to cybersecurity training, education and resources. Under the legislation, the Cybersecurity and Infrastructure Security Agency would work with state and local governments, along with federal agencies and others, to promote cybersecurity best practices such as multifactor authentication and password security.

Zero Trust Can Stem the Rising Tide of Ransomware Attacks

Despite the growing awareness, ransomware attacks are on the rise in localities nationwide.

In Dallas, for example, an attack in May took down city systems ranging from police and fire dispatch to courts and online payments. Firefighters reportedly were forced to rely on an old-fashioned radio and paper system.

Another ransomware strike targeting Oakland, Calif., caused a trove of employee and resident personal data to be released on the so-called dark web.

In Lowell, Mass., a recent ransomware attack led to all city computers being shut down, wiped and restored in what one official called “the biggest reboot in the city’s history.”

Going forward, things may only get riskier. “With the growing adoption of cloud computing and storage,” the recent Zscaler report warns, “ransomware attackers are likely to develop new types of ransomware and campaigns optimized for targeting cloud services and workflows.” The result, the report noted, could be “widespread damage, business disruption and theft of sensitive data, impacting multiple users or organizations simultaneously.”

A zero-trust approach to overall security is an organization’s most powerful weapon. Zero-trust security architectures redefine how user traffic reaches target applications. Whether from user to app, user to internet, or app to app, connectivity is direct, secure and ephemeral. This security strategy would help governments solidify statewide strategy and tactics while protecting the enterprise and citizen data.

State and Local Agencies Can Take These Steps Now

On a more granular level, to prevent initial compromise, agencies should consider the best options for employing consistent security policies; for example, implementing extensive SSL inspection, browser isolation, inline sandboxing and policy-driven access control.

The best defense when users are compromised — and to prevent insider threats — includes combining inline application inspection and identity threat detection and response with integrated deception capabilities.

If attackers make it inside a state or local network, officials can prevent lateral movement by disconnecting applications from the internet and embracing a zero-trust network access architecture. With ZTNA, organizations connect users directly to applications, and connect applications to applications, rather than to the network itself, significantly restricting the potential reach of an attack.
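The difference in reach between network-level access and per-application access can be made concrete with a small model. The following is an added example, not code from the article or from any vendor; it is a simplified model, and the application names, identities and grant tables are constructed for illustration.

```python
from collections import deque

# Constructed sample environment; every name below is hypothetical.
APPS = {"dispatch", "courts", "payments", "hr", "gis"}

# ZTNA policy: default deny, explicit user-to-app and app-to-app grants only.
USER_TO_APP = {
    "clerk@city.example": {"courts"},
    "dispatcher@city.example": {"dispatch", "gis"},
}
APP_TO_APP = {
    "courts": {"payments"},   # courts posts fines to the payment service
    "dispatch": {"gis"},      # dispatch looks up map data
}


def flat_network_reach(apps=APPS):
    """Network-level access: a foothold on the network can reach every app on it."""
    return set(apps)


def ztna_reach(identity, user_to_app=USER_TO_APP, app_to_app=APP_TO_APP):
    """Apps reachable from one compromised identity, following only allowed edges."""
    seen = set()
    queue = deque(user_to_app.get(identity, ()))
    while queue:
        app = queue.popleft()
        if app in seen:
            continue
        seen.add(app)
        queue.extend(app_to_app.get(app, ()))
    return seen


def widened_by_app_rules(identity):
    """Apps the identity can reach only through app-to-app grants (review these)."""
    return ztna_reach(identity) - USER_TO_APP.get(identity, set())


if __name__ == "__main__":
    for who in sorted(USER_TO_APP):
        print(who, "flat:", len(flat_network_reach()),
              "ztna:", sorted(ztna_reach(who)),
              "indirect:", sorted(widened_by_app_rules(who)))
```

The indirect set is the part of the policy worth auditing: app-to-app grants extend a user's effective reach beyond what the user-to-app table shows.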

Finally, to prevent data loss, good cybersecurity hygiene calls for implementing inline data loss prevention measures with full Transport Layer Security (TLS) inspection to thoroughly review data both in transit and at rest.

By adopting these best practices, state, local and municipal authorities can stay ahead of threat actors — and proactively protect their users, workloads and devices so valuable data remains safe from the growing threat of ransomware and other attacks.
