Apr 18 2025
Security

AI-Driven Ransomware Can Be Thwarted With Zero-Trust Networking

State and local governments must modernize legacy systems and cybersecurity to prepare for the next wave of AI ransomware — and they must do it now.

In February, the Cybersecurity and Infrastructure Security Agency, the FBI and the Multi-State Information Sharing and Analysis Center issued a joint cybersecurity advisory warning about Ghost ransomware attacks. 

The notice, part of an ongoing #StopRansomware series highlighting ransomware variants and threat actors, provides great information on these risks. It wasn’t the first joint warning related to ransomware attacks, and it won’t be the last. The advisory explains that Ghost ransomware threat actors have been victimizing organizations across the globe. This includes public sector entities at all levels of government as well as critical infrastructure, healthcare, K–12 and higher education.

Ransomware remains such a significant threat to state and local governments because it can expose sensitive data, render systems and networks inoperable, and require expensive containment and mitigation efforts. Increased reliance on IT to support the mission of government makes ransomware defense a priority for all organizations. 

In part, this means having a stronger understanding of the most popular attack vectors. For example, even Ghost, which has wreaked havoc on organizations all over the world, is technically unexceptional. It relies extensively upon exploitation of known vulnerabilities to establish initial access to victims. Some of these vulnerabilities date back more than a decade.

With this in mind, it’s critical that government cybersecurity leaders take action to defend against threat actors’ most tried-and-true tactics, techniques and procedures by modernizing their systems to guard against them. At the same time, they must also actively prepare for the acceleration and increasing sophistication of ransomware attacks powered by a new source of havoc: artificial intelligence and machine learning.

AI Makes Ransomware More Threatening to the Public Sector

In its recent ransomware report, Zscaler ThreatLabz notes that ransomware attacks increased almost 18% year over year between 2023 and 2024, with AI-powered phishing and extortion techniques leading the charge. 

Just as generative AI is changing how we interact with the information we use in our jobs and daily lives, it’s also upskilling threat actors. GenAI lets threat actors produce more convincing messages for phishing campaigns and makes it easier to conduct spear phishing at scale with algorithms rather than human efforts. 

With just a simple prompt, GenAI can leverage publicly available information to generate tailored messages that appear authentic and credible enough to deceive targets and ultimately increase the success rate of social engineering attacks.

Gone are the days of the advance payment scam; AI-driven ransomware is highly sophisticated, often leading to targeted, personalized and convincing schemes. The escalating risk underscores the need for state and local governments to modernize their cybersecurity defenses. 

Zero-Trust Networking Secures Legacy IT, Stalls AI Ransomware

State and local government agencies are home to vast amounts of sensitive data, from criminal justice information and public health records to municipal finance data — all lucrative targets because of their essential nature and the mass disruption that may ensue if they are attacked. 

As cybersecurity leaders build out cybersecurity strategies, they must modernize their legacy IT infrastructure wherever possible. They must also adopt proactive security measures, including zero-trust networking, to stay ahead of threat actors, combat modern ransomware and keep our governments up and operational. 

Public-sector entities often operate with limited resources, and they regularly support aging IT infrastructure. It’s not always possible to simply turn legacy systems off, even when they include known vulnerabilities. For little risk, ransomware attackers stand to gain big rewards. 

Threat actors such as Ghost will continue to exploit this fact if organizations are unable to modernize these systems or change how they are presented to the internet. Traditional network security approaches, including VPNs and perimeter-based security, will leave systems open to exploitation by threat actors. The fact that AI is helping attackers execute widespread attacks against exposed vulnerable systems at scale compounds the risk. 

Zero-trust networking is the best way to catch breaches early and often, especially those that involve exploitation of legacy systems. Zero trust eliminates implicit trust not only by verifying users, endpoints and applications — both outside and inside the network — but also by ensuring users access only what they need. This is in stark contrast to traditional castle-and-moat networking. With zero-trust networking, if attackers gain initial access, they can be constrained from moving laterally to impact more machines.  

Threat actors will not wait for governments to modernize their systems and implement new security controls before attacking. They’ll continue to exploit legacy systems as a way in — only now, they’ll use ransomware to do it more effectively. 

The #StopRansomware series describes how attackers are effectively impacting state and local governments today. It calls on us to modernize our systems and adopt new security approaches, including zero-trust network architecture. The time to embrace change is now.
