What to do When Your Government is Being Held for Ransom
It used to be that malicious computer programs were used to disrupt the normal course of business or destroy valuable information, but more and more, hackers are demanding a ransom for the release of the data they’ve infiltrated. The worst part is that many cities and organizations have acquiesced to the demands of ransomware infiltrators, paying large sums of money to regain control of their computer systems. If nothing else, this certainly shows hackers that the business model works.
Unfortunately, these incidents are becoming more common, and governments are no better off than private businesses at avoiding the sights of these hackers. Just over a week ago, 22 Texas towns were the target of a ransomware attack, all from a single source. Other attacks included one on Baltimore earlier this year that caused problems for over a month and two cities in Florida that paid out over a million dollars combined to satisfy hackers. The U.S. Conference of Mayors says that at least 170 city, county, or state governments have had a ransomware attack since 2013. The Conference recently put forward a resolution which opposes making ransomware payments.
The publicity of the payments that have been made should certainly do nothing to slow down the threat of ransomware (although Texas declined to comment on whether or not any payments were made), so governments will need to take action to avoid being in the next headline.
There isn’t a great way to make a successful organization an unattractive target for ransomware, but here are a few steps that can be taken to mitigate or eliminate the damage:
Be Prepared
There’s little use in figuring out your ransomware response after an attack has occurred, so it’s important to be as prepared as possible in advance. This means creating backups of your essential data and systems, storing them offline so they can’t be targeted. Your employees also need to be properly trained in both recognizing a potential attack and reporting it to the proper channels. All of this should be outlined, along with the steps that will be taken in the event of an attack, in agreed upon and established documentation.
Call the Feds
The FBI, Secret Service, and Department of Homeland Security are all agencies working to curb ransomware. Retaining activity logs can give the government clues regarding the nature and scope of the attack. The FBI is responsible for investigating cyberattacks and can even help remedy the situation depending on the type of attack. They encourage organizations to not pay ransoms and report all attacks.
Try to Fix Things Before You Pay
Europe has taken a very proactive approach to tackling ransomware and the website led by Europol and a handful of private companies, No More Ransom, is a great place to start if you’ve been attacked. The group has created freely available decryption tools that will be able to save your data if it’s been infected by a number of popular ransomware viruses (the site currently hosts over 100 decryption tools). There are private companies that can try to decrypt your data for a fee as well, but starting with a free and reputable international policing organization’s work is a smart place to begin.
Keeping data safe is important, and whether you’re posting it publicly or it may be a target for hackers to access, Extract provides automated redaction tools to permanently eliminate sensitive data from your documents. If you’d like to learn more about how we do this, please reach out today.