As geopolitical conflicts increasingly play out in cyberspace, ransomware attacks are ravaging businesses and governments of all sizes.
Cybersecurity and Infrastructure Security Agency Director Jen Easterly recently implored city officials to make ransomware a “kitchen-table issue.” Ransomware must be simplified so that it is easy to understand and discuss, with simple solutions and simple actions.
There are things that towns, cities and counties can do that do not require large budgets, more technology, or more staff. They require a better understanding of how ransomware attacks occur and policies that drastically reduce the ability of criminals to snatch valuable data.
The Cyber Readiness Institute provides free, easy-to-use tools and resources to help small and medium-sized businesses and government entities become more cyber-secure and resilient. Resources and guides focus on human behavior and place significant emphasis on employee education and awareness. Most ransomware and phishing incursions can be prevented by taking practical, common-sense steps.
In the case of ransomware, it is as simple as: prepare, respond and recover.
Ransomware gangs and nation states want to hold a town’s or city’s data hostage and do the most economic damage possible. To deny them leverage, regularly back up critical data and store it in the cloud or offline. Regularly test your backups.
Know the behaviors that bring ransomware risk, including phishing attacks, the most popular entry point for cybercriminals. Conduct routine phishing tests so employees can detect a phishing email before clicking on dangerous links or attachments and, when possible, use anti-phishing software.
Make sure software is up-to-date with the latest security patches. Insist employees use strong passwords or passphrases (at least 15 characters) and implement multi-factor authentication, which requires users to present more than one piece of evidence when logging in to an account. This step alone prevents 99.9% of account-compromise attacks.
If an employee or your government agency is confronted with a ransom request, your organization must first assess its legitimacy by contacting your IT manager. If you have prepared and have backups that work, the ransomware attack is moot.
If the data held hostage is needed and there are no working backups, things become more complex. Check if the data exists somewhere else in the organization so you can “tape” together the data to replace what is being held hostage. If you can’t access the data, ask the following questions:
Is the data critical to your operations?
Has your organization pre-determined that it is OK paying a ransom?
Does your insurance cover it?
The scope of the ransomware attack and the severity of its impact on your daily operations will determine how much time and effort is needed to recover.
As with any security breach, notify all affected parties, reset the user IDs and passwords, update the software on all devices and reinstall your data from backups once the ransomware threat is neutralized.
Ransomware is not an incurable scourge. Protections are not limited to organizations with the deepest pockets.
Summarized from www.statescoop.com