5 ways to stay ahead of government-targeted ransomware

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Dan Schiappa
 

Connecting state and local government leaders

By Dan Schiappa

|

Agencies can mitigate the probability of a ransomware attack and improve their chances of recovering from one if they air-gap their backups, supplement detection technology with human expertise and implement layered protection.

It is no surprise that governments around the world are among the most highly targeted and impacted victims of ransomware. Last year’s SolarWinds data breach in the U.S. was a reminder of the ability of cyberattacks to penetrate public-sector agencies and unleash damage across a federal agencies.

According to new independent research from Sophos, over the past year, 40% of central governments and non-departmental public bodies across the globe were attacked by ransomware. This put central governments and NDPBs fourth in a ranking of industries most afflicted by ransomware, surpassed only by retail, education and business/professional services. Considering that federal governments employ trained IT staff, the fact that four in 10 were unable to stop a ransomware attack speaks to the ability of cyber attackers to penetrate even the best defenses. More than one-third (34%) of local governments also reported experiencing a ransomware attack over the past year – curious, considering that local government agencies would presumably have a fewer resources to defend their systems.

Extortion-style ransomware disproportionately aimed at central governments

One disturbing trend seen in ransomware over the past year has been the emergence of “extortion-style” attacks. Ransomware typically involves encrypting a victim’s data and then exchanging the decryption key for payment. Lately, extortion-style attacks – where the attacker steals the data rather than encrypting it and threatens to release it (either to the dark web or to the public) in exchange for a ransom payment – have started to pick up steam.

This is especially acute in the government sector. Central governments and NDPBs experience extortion-style ransomware at nearly double the rate of all industries. That said, encryption-based attacks still remain the most dominant strain of ransomware, comprising almost half (49%) of attacks faced by central government and NDPBs.

In ransomware attacks against local governments, 69% of victims saw their data encrypted – a staggering 20 points greater than what central governments had experienced. These numbers point to an interesting split: Ransomware attacks against central governments are slowly moving from encryption-style to extortion-style attacks, while encryption-based attacks against local governments remain extremely high and extortion-based attacks rare (2%). This difference may be because central governments have relatively higher-value data to steal and hold for extortion, and local government agencies, on the other hand, don’t have the kind of national secrets that central governments do, perhaps sparking less interest among attackers.

Why it’s not worth paying the ransom

In the heat of a ransomware attack, it’s easy to see why just paying the ransom to get data back (or prevent public release) can feel like the path of least resistance. That’s what attackers are counting on, after all. But it’s not necessary. The survey reveals that most (61%) central governments and NDPBs hit with ransomware restored their data from backups. Only 26% ended up paying the ransom to get their data back. In total, nearly all (96%) of central government victims ended up with their data restored. These findings speak to both the need to back up data proactively and how unnecessary it is to pay the ransom to get data returned.

The findings may also point to central government’s awareness about data backups that may not be shared by their smaller counterparts. Among local government organizations that were hit by ransomware, there was an even split between those who restored data through backups and those who paid ransoms to get their data back – 42% for both – indicating that smaller agencies perhaps have a greater need to pay ransoms in order to restore their data, as well as a lack of backups to draw from.

Five ways to stay ahead of government-targeted ransomware

Governments are some of the least prepared organizations in the world to recover from a major malware incident like ransomware. Among all industries surveyed on their malware incident recovery planning preparedness, both central and local governments ranked at the bottom of the list. This cannot continue to be the status quo – particularly when so many central and local governments have either been attacked by ransomware already or expect to be attacked in the future. 

Staying ahead of the ransomware curve calls for more preparedness. Here are five easy steps that central and local government agencies take now to mitigate the probability of a ransomware attack and improve their chances of recovering from one.

  1. Assume an attack is coming. Currently 12% of central government organizations and 22% of local government groups do not expect to be attacked by ransomware. Both of these numbers should be zero. The sooner agencies acknowledge the inevitability of an attack, the more urgency there will be to take steps that can reduce both the likelihood of an attack and the scope of damage inflicted by one.
  2. Implement layered protection across the network. With extortion-style ransomware attacks becoming increasingly prominent, especially among central governments, it’s more important than ever for governments of all sizes to deploy layered protection across as many points of entry as possible.
  3. Supplement anti-ransomware software with trained human specialists. Anti-ransomware technology can only cover so much. Pairing software with expert human-led threat hunting teams is the best approach for catching the red flags signaling an impending attack that a tech-alone approach might miss.
  4. Back up agency data. This might seem like a no-brainer, but only 43% of central governments and NDPBs have air-gapped data backups in place. Even more alarming, just 17% of local government agencies have air-gapped backups. Both of these numbers are much too low. Data backups are the surest, easiest way to restore data after a ransomware attack.
  5. Don’t pay ransoms. Paying the ransom does not guarantee agencies will get their data back. On the contrary, on average, government organizations that pay ransoms only get back 65% of their data. Paying ransoms incentivizes future ransomware attacks and still largely fail to get victims back 100% of their data. Just don’t pay.

NEXT STORY: Protecting critical infrastructure: All hands on deck

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.