By: Gene Fredriksen, Security Strategy Consultant
The NCUA states that the rising threat of ransomware is a particular concern for smaller financial institutions like credit unions. Ransomware attacks skyrocketed in the first quarter of 2019, according to the Beazley Breach Response (BBR) Services team, which reports a 105% increase in the number of ransomware attack notifications against clients compared to Q1 2018.
Not only has the frequency of attacks increased, but attackers are shifting focus, targeting larger organizations and demanding higher ransom payments.
What is Ransomware?
Ransomware is a type of malicious software that cyber criminals use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable or data may be deleted.
In August, Texas authorities reported that attackers targeted 23 cities and government agencies, holding computer systems across the state for ransom. Recently, a security firm published a study of ransomware attacks, which stated approximately 17% of state and local governments attacked ended up paying the ransom. Another 2019 study found over 169 instances of ransomware infecting state and local governments since 2013. These instances are all reminders that cities and many critical sectors are not yet ready to defend themselves.
Borger, one of the Texas cities affected, reported that even without paying the ransom, it managed to regain some of the disabled functions. It is now able to process requests for vital records like birth certificates, although the ability to accept e-payments is still offline.
It is important to have a plan to deal with a ransomware attack. The FBI and other law enforcement agencies recommend that companies do not pay a ransom and the only way to avoid paying is to have current, well-organized copies of sensitive data.
A Unified Solution
The high cost of disruption caused by cyberattacks underscores the need for public sector organizations to work together. We should share threats, lessons and defense strategies, not just within our own sector, but across sectors, to strategically plan and closely monitor security investments. Today, government, employees, the public and all stakeholders must all be actively involved in anticipating, preventing and responding to cyberattacks. Collaboration and teamwork will ensure government agencies and industries deliver on their missions to protect citizens and provide services, respectively.
There have been no reports of the Texas victims paying anything to the attackers. However, the campaign against multiple government organizations may inspire similar attempts in the future, as seen by escalating chatter in underground hacker discussion boards. Given the way ransomware attackers copy each other, we should expect to see more of these attacks.
It is time to act and bring focus to a united front against ransomware in all sectors. Threats and attacks will likely become more frequent and damaging. We must learn to be as effective at sharing information as the cyber criminals, in order to avoid becoming victims.