5 Ransomware Attack Tips for Government Agencies

If government agencies air-gap their backups, employ layered protection, and supplement detecting technology with human skills, they can reduce the likelihood of ransomware attacks. In addition, they can improve their chances of recovering without great loss.

Cybersecurity and Ransomware Attacks

It’s no surprise that governments are among the most frequent targets and victims of ransomware attacks. The SolarWinds data breach in the United States was a reminder of a cyberattack’s ability to enter public-sector entities. In addition, we saw how it could cause widespread damage.

According to a recent independent analysis, ransomware hit 40% of non-departmental public entities and central governments worldwide in the last year. Only education, retail, and business and professional services ranked higher in a rating of industries most plagued by ransomware.

Given that federal agencies employ top-notch IT personnel, the fact that four out of ten were unable to stop a ransomware attack testifies to cyber attackers’ ability to breach even the most robust defenses.

More than a third of local governments said they had been the victim of a ransomware assault in the previous year. This is surprising given that local government agencies are likely to have fewer resources to safeguard their systems.

Extortion-style ransomware targets central governments disproportionately.

The development of “extortion-style” assaults has been a concerning trend in ransomware recently. Ransomware encrypts a victim’s data. After that, they demand payment in exchange for the decryption key.

Extortion-style assaults, in which an attacker steals data rather than encrypting it is another form of this threat. Once they have the data, they threaten to disclose it either to the general public on the dark web. In exchange for a ransom payment, they will not disclose it. These kinds of attacks have been gaining traction recently.

This is particularly significant in the public sector. Extortion-style ransomware affects central governments and NDPBs at nearly twice the rate of other industries. However, encryption-style ransomware remains the most common type of ransomware. They account for nearly half of all attacks against NDPBs and central governments.

Local Governments Hit Hardest by Ransomware Attacks

Local governments were hit by ransomware attacks in which 69 percent of victims had their data encrypted. This is a figure that was 20 times higher than that of central governments. In addition, these figures reveal an intriguing split. Ransomware attacks against central governments are gradually shifting from encryption to extortion. However, encryption-based attacks against local governments are still common. Nevertheless, extortion-based attacks are uncommon.

This discrepancy could be due to the fact that central governments have higher-value material to steal for extortion.  However, smaller government institutions don’t have the same level of national secrets, inspiring less interest among attackers.

Why paying the ransom isn’t worth it.

It’s easy to see why, in the midst of a ransomware attack, paying the ransom to prevent publication or get your data back may seem like the best option. After all, that’s what the attackers are hoping for. However, it isn’t necessary.

The majority of NDPBs and central governments hit by ransomware were able to restore their data from backups, according to the report. Only 26% of those who paid the ransom got their data back. In total, nearly every central government victim had their data restored. These findings highlight the importance of proactively backing up data. In addition, they show the futility of paying a ransom to obtain data back.

The findings could also indicate that the federal government is aware of data backups that their smaller equivalents may not be aware of.

There are five techniques to avoid government-targeted ransomware attacks.

Governments are among the least well-prepared institutions in the world to recover from catastrophic computer attacks such as ransomware attacks. Both municipal and central governments were put at the bottom of the list for malware incident recovery strategy preparation among all industries in the survey.

We cannot allow this to continue! This is especially true when so many local and central governments have either been hit or anticipate being hit in the future.

Therefore, to stay ahead of the ransomware curve, they will need better preparation. Here are five simple steps that government organizations may take right now to increase their recovery chances and even reduce the risk of ransomware attacks.

1. Assume that an attack is on its way.

At the moment, just 22% of local government organizations and only 12% of central government institutions expect to be hit by ransomware. These both should be Zero! The sooner agencies accept the certainty of an assault, the more urgent it will be to take actions to decrease the likelihood of an attack.

2. Layered security is a must throughout the network.

Extortion-style ransomware assaults are on the rise. This is particularly true among central governments. Therefore, it’s more critical than ever for governments of all sizes to provide layered protection across as many entry points as possible.

3. Add Human Specialists to anti-ransomware

In addition, they should combine anti-ransomware software with human experts. It is crucial to identify the red flags that suggest an oncoming attack. Nevertheless, a tech-alone approach would overlook most of these. Therefore, the answer is to combine software with professional, personal threat hunting teams.

4. Back Up Your Data Before an Attack.

Although this may appear to be a no-brainer, just 43% of NDPBs and central governments and only 17% of local government agencies have air-gapped data backups. After ransomware attacks, data backups are the best approach to restore data.

5. Never Pay Ransoms.

Paying a ransom for your data does not ensure that the data will be given back. Government organizations that pay ransoms, only get back 65 percent of their data on average. In addition, paying ransoms encourages more ransomware attacks. However, it still doesn’t guarantee that victims will receive all of their data back. Simply refuse to pay and backup data instead.

Image Credit: Ricardo Esquivel; Pexels; Thank you!

More Stories