Ransomware attacks have become a significant threat to organizations around the world, but governments have been especially targeted in recent years.
Defending against these attacks requires an organization to have a strong cyber defenses deployed to prevent an infection as well as a disaster recovery plan in place. However, in the majority of cases, government employees have not received even general training regarding how to protect against and respond to a ransomware attack.
Inside a Ransomware Attack
Ransomware has been around for over a decade, but it became famous with the WannaCry attack in 2017. Since then, a number of different cybercrime groups have developed their own variants of ransomware malware and have used it to great effect.
A ransomware attack takes advantage of the easy availability of strong cryptographic algorithms on modern computers. Once on a machine, ransomware can easily render all of a user’s files unreadable unless they have access to the decryption key. Since this decryption key is in the possession of the attacker, they have an easy means for extorting payments from their targets.
The ransomware threat is well-known and widely acknowledged but protecting against ransomware infections can be extremely difficult. The majority of ransomware attacks use phishing emails to infect an organization with malware. Once inside, the malware can spread to other systems and connected storage media behind the company firewall.
Government Employees Are Inadequately Trained
Protecting against phishing attacks is challenging since these attacks are targeted at exploiting the human behind the keyboard rather than any vulnerability on the computer itself.
A software vulnerability can be rendered completely unusable for an attacker by applying a single patch once it becomes available. The best way to protect against phishing emails is training the user not to fall for them.
In the majority of cases, a user must be trained several times for basic cybersecurity hygiene practices, like protecting themselves against phishing attacks, in order for them to sink in.
This process is complicated by the fact that many cybercriminals work to constantly evolve their pretexts and attacks to increase the probability that a malicious email will slip past email filters and the behaviors ingrained through cybersecurity awareness training.
However, this assumes that the end user ever receives that training in the first place. A survey of government employees found that only 38% of them had received general ransomware prevention training, despite the fact that ransomware attacks have been increasingly targeting governments in the past year.
Almost twice as many of the government employees (73%) are concerned about the threat that ransomware poses to cities in the near future, and one-sixth of them reported that their department had been affected by a ransomware attack in the past.
Impacts of Government Ransomware Attacks
For any organization, a ransomware attack could have a significant impact on its ability to operate. Loss of access to customer data or encryption of research and development data could make it impossible for the organization to operate or even force it to pay the ransom in order to maintain competitive advantage. However, the impact of a ransomware attack in a government organization can be even more devastating.
One impact of ransomware attacks on government systems is the loss of ability for them to provide crucial services. Encryption of crucial files on critical infrastructure, such as power plants or water treatment facilities, can make it impossible for these services to operate.
Similarly, encryption of Internet-connected medical devices belonging to healthcare providers and hospitals can impact their ability to provide care. A ransomware attack against a government, if it reaches the wrong systems, can threaten health or even cause loss of life.
With the ongoing primaries and upcoming elections in the United States, a ransomware attack against government systems is a very real threat to the integrity of these elections.
Encryption of certain databases or attacks against election systems may make it more difficult for people to vote and for their votes to be properly and securely tallied. In certain areas, where the margin between a victory and a defeat can be very small, targeted attacks against even a single district or polling location can have a dramatic impact on the eventual outcome of an election.
Protecting Against Ransomware
Ransomware is a cyber threat that is unlikely to go away anytime soon. Ransomware malware is relatively easy to create, easy to spread with phishing emails, and has a demonstrated ability to turn a profit for a cybercriminal.
With ransomware, the only way to get rid of the threat is to make it unprofitable for cybercriminals to perform. This requires organizations to deploy strong protections against ransomware attacks, which includes a robust disaster relief and business continuity plan.
Ransomware attacks depend upon a cybercriminal’s ability to access sensitive data using malware and deny access to it to its owners. A strong data security solution, which monitors and controls access to sensitive data, provides a solution to the first problem. For the second, an organization needs a data backup solution that automatically creates backups at regular intervals and protects them against ransomware attacks.
Performing attacks with malware like ransomware is only a worthwhile endeavor for cybercriminals if it is profitable. The only way to end these attacks, and the threat that they pose to government systems and services, is to deploy cyber defenses that make it unnecessary for a target ever to pay a ransom.