Getting Proactive About Defending Government Agencies From Ransomware

by Nov 22, 2019

2019 has set a new high-water mark for ransomware, and it is no secret that state and local governments have borne the brunt of the damage. Government agencies and school districts often have much smaller security budgets and fewer IT staff than more traditional enterprises, and this has made them an inviting target for criminals.

Unfortunately, the damage caused by ransomware can be astronomical. The ransomware attack on the City of Atlanta is estimated to ultimately cost $17 million, while the attack on Baltimore is projected at over $18 million. While these attacks on large cities grab the headlines, smaller towns and local governments have been targeted as well. The services affected are often vital: attacks have disrupted police departments, courts, transit, schools, and a variety of other services.

It’s Time to Get Proactive

While the problem is well known, organizations often struggle to find the solution. There is certainly no lack of potential tools and technologies offering a fix. But for lean security teams, the question is what to do first, and what will deliver the most security bang for the buck.

Unfortunately, many approaches to ransomware tend to be fairly reactive, focusing on how to detect and respond to an attack in progress. Limiting the damage of an attack is certainly important, but we also need to look at ways to prevent the attack from happening in the first place.

RiskSense CEO Srinivas Mukkamala took up this concept in his recent article in GCN. In it he points out that one of the reasons state and local governments tend to get hit more often is that they also tend to be the most vulnerable. Our recent Spotlight Report on ransomware shows that many of the vulnerabilities that ransomware uses to cause damage are actually quite old, with some dating back as far as 2010. The MS17-010 vulnerabilities originally made famous by WannaCry are still being used today by new ransomware families such as Ryuk.

These are the vulnerabilities that attackers use to actually cause damage to critical assets and servers, and that lead to the organization losing functionality and suffering disruption. Most importantly, it is a fairly concise and manageable list. We even boiled down the analysis to focus on the Top 10 most important vulnerabilities related to ransomware. By focusing on just a handful of vulnerabilities, agencies can take proactive action to prevent a ransomware attack from ever happening in the first place. In terms of time and effort, this is far more efficient than simply trying to manage an active attack.

While ransomware is a complex topic, and no solution is a silver bullet, it is also important to remember the basics. As the saying goes, an ounce of prevention is worth a pound of cure. This is true for ransomware as well, where a little patching effort can keep the very bad day from ever happening.