3 steps to keep ahead of a ransomware attack
- By Andrew Hay
- Dec 15, 2016
Nobody wants to go through a ransomware attack. When an agency’s data is particularly sensitive and resources are limited by a federal budget, however, a ransomware situation can feel like a nightmare.
Although ransomware threats aren’t new, they’ve proved to be among the most damaging security incidents in today’s landscape. Attackers often target organizations that harbor personal information about individuals, because personally identifiable information has a high selling value on criminal networks. This tendency puts government agencies directly at risk.
Recently, Rep. Ted Lieu (D-Calif.) urged the House Oversight and Government Reform Committee to hold a hearing on ransomware attacks and the growing threat they pose. Lieu’s action was a direct response to an attack on ticket systems used by the San Francisco Municipal Transportation Agency, as well as a report earlier this year from the FBI that ransomware created $300 million in costs during the first three months of 2016.
As security and IT experts in the government space wait for a response from the committee, many are deploying ransomware defenses at their organizations. Below are three ways to get started.
1. Understand that there’s no right answer regarding payment of ransomware fees.
Paying a ransom is risky, period. In addition to causing a financial blow to the agency, there’s no guarantee that an attacker will, or can, return the kidnapped data. After all, it’s not as if searching for an attacker’s identity online will help evaluate his reputation. For many security and IT pros, the idea of paying a ransomware fee goes against their gut instincts because payment validates the attacker’s business model. Paying the attacker feels like it encourages continued use of the same ransomware strain -- and in all honesty, that might be right.
However, there are some situations in which the business costs associated with potential data loss and customer remediation will add up to more than the ransom in question. In these instances, it might make the most sense to simply pay the ransom and hope for the best.
2. Find the sensitive data.
The easiest, most cost-efficient and reliable ransomware defense is to locate the sensitive data in files and virtual machines and ensure that it is adequately secured. Data is a gold mine for attackers; securing it is more essential than maintaining system’s operations. Consider where every instance of sensitive data lives, which users can access it and how they can use it. With this knowledge, data can be secured before an attack begins, and recovery will be an easy process.
3. Prepare and test a ransomware response plan.
Some agencies attempt to proactively detect and shut down every new ransomware strain. While the effort is valiant, it’s also rarely the most effective tactic. Instead, focus on a response plan.
Backing up data and systems is a standard part of any IT strategy, and it’s a critical step in recovering from ransomware. When IT teams have the power to restore system operations using a snapshot or backup, and they can also recover the data used by that system, there’s no need panic in the face of a cyberattack. Ensure the reliability of backups by testing them frequently.
Ransomware isn’t the only security threat facing government agencies. One underlying fact always increases the security risk: organizations don’t always know what’s in their data, and as a result, they’re ill equipped to protect it.
While industry looks to the House Oversight Committee to address ransomware’s growing influence in the government sector, agencies can invest in awareness about the contents of their data, training staff to recognize threats and building a reliable response plan. These actions put the agency in control and ensure that a ransomware attack won’t create the ultimate crisis.
Andrew Hay is chief information security officer at DataGravity.