We’ve seen a spate of ransomware attacks repeated across the country in recent months, particularly targeting cities, counties and other government agencies. After the attack on the City of Baltimore brought many public services to a halt, more cities, including two in Florida, soon followed. In the case of Baltimore, the ransomware was able to shut down city employees’ email, halt credit card payments for city services and fines, and freeze the processing of property transactions.
Having witnessed the crippling and prolonged impact of the attack on Baltimore, Lake City and Riviera Beach agreed to pay a total ransom of just over $1 million in Bitcoin to the hackers, in the hope of getting city services up and running again as quickly as possible. Whether this was the right thing to do is debatable, but seeing such a big payday has no doubt emboldened hackers to go after more soft targets. The headlines over the past week tell us that 23 local governments in Texas are known to be the latest targets in a growing list.
Lessons to be Learned
The obvious takeaway from this is that hackers have found a new, more vulnerable sector to attack. From my experience as an IT manager for the Washington State Department of Corrections many years ago, most agencies’ IT and cyber-security budgets are sorely lacking. In fact, I would argue that cyber-security is a very low priority. In addition, these agencies generally do not offer competitive salaries for IT and information security, and they spend very little on training for those staff. These agencies need security tools that are both high impact and easy to implement.
NetMotion can Help
If you’re familiar with NetMotion Mobility, you’ll know that its VPN protects data traffic from any point of presence and maintains authentication through various states of network connectivity (as workers transition from a corporate WiFi environment to a cellular environment and onto public WiFi, for example). That capability is certainly useful, but by itself it will not protect employees from ransomware. NetMotion’s Network Access Control (NAC) module adds another helpful check and quarantines compromised machines that are identified by anti-virus. However, it’s important to keep in mind that anti-virus that relies only on signatures is not a complete solution for advanced threat protection.
The Biggest Security Risks
The biggest threats to any organization today are from phishing attacks and a lack of patching. You can add drive-by web sites to that list, too. They install adware and malware on a machine after the user clicks on a link. Once the attacker has a foothold in a machine, it’s relatively easy for them to start looking for vulnerabilities and moving through the network.
The most promising new product in our arsenal is Reputation. As a part of Mobility, it ranks websites on their risk to users, and can prevent devices from visiting those websites if the risk reaches a threshold. In our next release we will include the ability for Reputation to block sites based on policies, which will specifically improve the defense against website links that contain malicious code.
What about alerts? Don’t they help IT security teams block malicious websites? Yes, alerts can be set up to flag a site as a potential threat, but once it is visited by an employee – and by the time security staff sees it and takes action – the damage is done. That’s why instant blocking of malicious websites is vital for any solution.
For further reading on the recent attacks in Texas, Atlanta, Florida and Baltimore, check out “Texas Pummeled by Coordinated Ransomware Attack” from Data Breach Today, which does a great job of discussing the cost of paying (or not paying) a ransom, the recovery process, and the cost of not implementing in-depth defense solutions.
Recent data shows that many industries are being targeted by ransomware. And although public sector agencies make up only a small percentage today, they are facing an increasing volume of sophisticated attacks.
“Not paying, however, can be costly. For example, the mayor of Atlanta earned plaudits in 2018 for stating unequivocally that her city would not pay a $51,000 ransom demanded by ransomware attackers in exchange for a key to decrypt the city’s crypto-locked systems. But that came at a cost, as Mayor Keisha Lance Bottoms later told a U.S. House of Representatives committee. Fifteen months after the ransomware attack, she said the city had spent $7.2 million on cleanup costs and said costs – only some of which are covered by insurance – might yet increase.” (Data Breach Today)
Profits from Ransomware Attacks Surge
“In Q2 of 2019, the average ransom payment increased by 184 percent to $36,295, as compared to $12,762 in Q1 of 2019. The increase reflects the growing prevalence of Ryuk and Sodinokibi, variants of ransomware that have rapidly increased their demands. These types of ransomware are predominantly used in targeted attacks on larger enterprises, or on distributed networks of companies via IT managed service providers or hosting ISPs.” (Coveware)