What is a ransomware attack?
It’s a specific type of cyberattack in which the attacker is not interested in capturing and stealing data to sell to others but instead wants to cripple operations by encrypting the organization’s data such that no one can access it. The attacker then demands payment, typically via Bitcoin, to restore access to the data so the organization can return to operations.
Encrypting data may not sound so bad at first, but it can be a huge deal for local governments and businesses. If the attacker can target and encrypt the right portions of your technology environment, they can halt your critical services. This can include activities like voicemail, email, and the ability to access line-of-business applications.
Why is local government such a big target?
A major reason is that the private sector has invested more in cybersecurity than the public sector. This makes the private sector better defended against attacks. Local government has the challenge of being a fixed-budget operation. As a result, we’ve seen municipalities trying to redirect dollars from IT to cybersecurity. However, cybersecurity needs strong IT and its own investment.
Additionally, local government has an information challenge. Because so much information is publicly available, attackers can craft more convincing emails to persuade employees to mistakenly take action that can initiate a ransomware attack. Recent attacks experienced by Pensacola, FL, and Durham, NC, illustrate the threat.
How should an organization respond if it is the victim of a ransomware attack?
In general, you have two options.
Option one is to pay the ransom to retrieve the data.
Option two is to attempt to restore systems without payment.
When looking at option one, cyber liability insurance is really helpful. Most carriers will cover your ransom payout. Some ransom payments are half a million dollars and up, but many are in the $15,000 to $25,000 range. So, it’s not all big targets. It’s often whoever is most vulnerable that gets attention.
Also, many people don’t realize the ransom is negotiable. However, negotiating is not recommended unless you have access to a professional with experience in navigating the situation. Those professionals are also better able to gauge the likelihood that paying the ransom will actually result in the attacker releasing the data so that operations may be restored. The last thing you want is to pay the ransom and still not gain access to your data.
When looking at option two, ideally you have properly configured data backups. If that’s the case, you’re then able to restore your data from backups and return to operations. The timeline for restoration can vary greatly depending on how backups are configured and the scope of the attack. It can be as quick as 24 hours and as long as several months. Atlanta, for example, spent months on its recovery effort.
Regardless of the option you choose, you must figure out how you were attacked and take action to address the vulnerability. If you don’t close the hole as part of your recovery effort, you are certain to be attacked again.
How can you improve ransomware protection?
Protection is important, but so are testing and detection. Here are three big areas to focus on.
Employee Awareness Training
In order to take the right steps, it’s important to know how the attacks often occur. The primary method of attack is via compelling emails that entice employees to click on a seemingly relevant link that then initiates the ransomware attack. To combat these emails, you need a culture of cybersecurity. Employee awareness training is a critical component of building that culture. There are many online training tools to aid this process and keep cybersecurity top of mind for your entire organization.
Threat Detection
According to IBM, the average time it takes to identify a breach is 280 days. A cybercriminal can do a whole lot of damage with that much time undetected in your network and system. That’s why it’s important to have threat detection as part of your cybersecurity defenses. This helps identify issues inside your network so you can address them faster.
Vulnerability Scans and Penetration Tests
Cybersecurity strategy evolves quickly. And it’s easy for there to be blind spots in your defenses. That’s why it’s important to regularly test your cybersecurity strategy. Vulnerability scans offer a quick, higher-level snapshot of potential weaknesses. Penetration tests go a step further to really uncover what vulnerabilities need the most attention.