Softening the impact of ransomware attacks

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Stephanie Kanowitz,
Contributor, Route Fifty
 

Connecting state and local government leaders

By Stephanie Kanowitz

|

Even as the number and severity of ransomware attacks ratchet up, agencies have low-cost options for hardening their IT systems.

Three days after virtual learning kicked off in Fairfax County, Va., the public school board announced that it had become the victim of a ransomware attack. The 10th largest school division in the country, with more than 188,000 students and about 25,000 employees, Fairfax County Public Schools (FCPS) began working with FBI to pinpoint what data was affected when the hacker group Maze, which claimed responsibility, struck.

FCPS was lucky: The attack didn’t affect distance learning. But other localities were not as lucky. An attack on the Newhall School District in California shut down distance learning for 6,000 elementary school students, and an attack on Hartford, Conn., delayed the start of school for 18,000 students.  When officials in the school district that includes Las Vegas refused to pay to unlock their administrative systems after a ransomware attack, the Maze group posted personal information of employees and students including names, addresses, grades and Social Security numbers.

Ransomware attacks have long been a top cybersecurity concern for organizations in every sector, not just public education. In fact, a mid-year report by Bitdefender found a 715% year-on-year increase in the number of ransomware attacks globally, and last October, CNN reported that in the first 10 months of 2019, 140 local governments, police stations and hospitals experienced ransomware attacks.

“State and local governments get targeted frequently” because they have so many employees and, in some cases, their security systems may not be as up-to-date as other organizations,” said Jon Toor, chief marketing officer of Cloudian, a data storage company. “They could present a little bit softer target,” he said.

Slow-to-evolve processes and procedures are also to blame for state and local entities’ vulnerabilities, he said. One thing they need to consider is a more robust environment that includes backups of data stored someplace secure, even air-gapped. “That’s the first and foremost defense,” Toor said.

Migration to the cloud often provides a false sense of security for agencies. Although the cloud has security benefits, about half of attacks target data in the cloud, Toor said. “You really need to put defensive measures in place wherever your data is.”

The coronavirus pandemic has accelerated the number of ransomware attacks. Bitdefender’s report stated that there was a five-fold increase in the number of COVID-themed attempts reported in the first two weeks of March and that an average of 60% of emails received in May and June were fraudulent.

“The attack method and the technology being leveraged is still the same,” said James Carder, chief security officer and vice president of labs at LogRhythm, a security intelligence company. “It’s just the fact that they’re disguising it and putting the cover of the pandemic over it to get the users to click more.”

Additionally, as school districts and state and local governments worked to quickly implement learning and business systems that students, employees and the public could use from home, cybersecurity sometimes took a backseat to operations.

“Security controls often come in second to the operation of the business, and so we’re playing catch-up from that perspective,” Carder said.

He recommended six steps that organizations at all levels of government can take to harden their IT systems:

  1. Prepare -- Patch security gaps and run tabletop exercises that simulate ransomware attacks, Carder recommended. “You don’t want to experience it for the first time and have it be the first time you update your plan,” he said. 
  2. Detect -- Use threat intelligence to block or alert IT staff to anomalies associated with ransomware. 
  3. Contain – If infected, block and isolate the local host from the network to prevent further encryption. 
  4. Constantly monitor -- Have a view of the entire range of networks and apps across the IT landscape. 
  5. Eradicate -- Replace affected machines or remove the malicious email.
  6. Recover -- Restore from backup and conduct forensic investigations.

Funding is a big concern for school districts and state and local governments, many of which face considerable shortfalls as a result of pandemic-related shutdowns and rising unemployment. But they don’t have to spend lots of tax dollars to make a considerable difference in their security postures.

“If you go down the zero-trust path as a school district, that may incur some additional costs that may not be budgeted,” Carder said. Agencies have some lower cost options, though, including “tabletop exercises you could do yourself, backups you could control, training – that could be simply raising awareness through email,” he said.

One path to better security is as simple as keeping backups separate from the active network, Toor said.

“Everyone does backup as a normal part of their process, so if you’re upgrading your backup process, which happens periodically, make sure that you’ve incorporated object lock,” which prevents app and data version deletion, he said. “Many folks may have access to this and not even know it.”

Although the average ransomware attack at a large organization can cost upward of $1 million, protected backup copies can cut that amount in half, Toor added.

NEXT STORY: Simplifying forensic investigations: 10 questions to ask

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.