We’ve seen it. We’ve been blogging about it. Ransomware is on the rise…and it is hitting municipalities hard. Multiple cities in Florida have been hit and have paid out hundreds of thousands of dollars in bitcoin, against law enforcement recommendations. Others had no other choice. It was either that or make residents suffer as they tried to recover computer systems and databases. Other cities, like Atlanta and Baltimore, have been hit even harder, spending over $17MM and $18MM respectively, as they try to recover from their attacks.
We can say it is the perfect storm. While law enforcement continues to encourage organizations not to pay, those cities that don’t give in to the ransom demands appear to be “taking one for the team” as their remediation costs often balloon past the initial ransom demands. Smaller municipalities are taking the “easy way out”, paying the ransoms in hopes that they can get back in business as quickly as possible, with some being fortunate enough to have insurance coverage for their losses. This presents an opportunity which hackers and bad actors will undoubtedly seize, setting us up for the perfect storm, or a ransomware tsunami as noted in this recent Forbes article.
I get asked: so what can these municipalities do to protect themselves? Yes, it is understandable that municipal budgets are tight (typically budgets only get released when bad things happen), but at a minimum any municipality can do these, in priority order:
- Backups. Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups. You need to plan your backups such that regular backups are done for all systems and that these backups do not overwrite earlier backups (read our blog about Tony’s Meats)… and under no circumstances should these backups be connected to the internet.
- Ransomware Outbreak Drill. Ensure that IT staff is trained on how to handle a ransomware outbreak; if you have a Business Continuity Plan, please put Ransomware Recovery in as part of your IT Recovery strategies. Think of it this way: your building and facilities manager has an emergency preparedness/fire drill, so why wouldn’t you do a Ransomware Drill?
- Assess your weak points. Do a full assessment of the network; there are several products and service providers around that can help with this.
- Inventory and Patch Often. Keep a continually updated inventory of all software and all IT components on your network; have a patching strategy to update these.
- Network Security Solutions that Provide Real-time Protection and Remediation. We have said it before, and we will continue to say it: products such as sandboxes detect breaches only to tell you that you have been screwed minutes or potentially hours later. See the NSS Time to Detection Chart Prepared for Cisco:
As an example of Real-time security, Wedge’s Absolute Real-time Protection (WedgeARP) line of products combines: Deep Content Inspection so that it can see ALL content going through the network and improve on detection accuracy, Orchestration of the industry’s best-of-breed security services to cover all advanced threats, Artificial Intelligence and Machine Learning to detect never-before-seen malware, and hyper-streaming technologies like SubSonic and GreenStreaming so that all of the detection and blocking can happen in Real-time with no perceptible latency. When combining WedgeARP, which is the tool of choice for Managed Detection and Response (MDR) providers, with a capable Endpoint Detection and Response (EDR) system, you have a potent solution that can Detect and Block in real-time (instead of minutes or hours like sandboxes!) while also providing real-time remediation through interactions with the EDR system.
The above suggestions can often help the organization rebuild its systems much quicker and at minimal expense without having to pay the ransom. As we’ve mentioned in a previous blog, although employees are always a risk factor, they are a factor that cannot be taken out of the equation and, unfortunately, they are also the factor that is often the cause of the ransomware attack, with an errant click on a phishing email. In this case, cities should try to have their employees go through security awareness training so that they develop a healthy sense of paranoia around suspicious communications. Beyond that, organizations can harden the security of their systems, such as by keeping a firm hand on the software that is allowed on work computers and making sure that they’re all kept up to date with regard to patches. In combination, these preventative measures can start adding up, but they’re still fallible.
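The Backups item in the list above asks for two checks: that backups are verified regularly, and that a new backup never replaces the last good one. The following Python sketch is an added example, not code from the original post; the function names, the 0.5 churn threshold and the sample files are assumptions made for illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(backup_dir):
    """Map relative path -> SHA-256. Store the result away from the backup."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(backup_dir, manifest):
    """Report files missing, changed or unexpected since the manifest was taken."""
    current = build_manifest(backup_dir)
    return {
        "missing": sorted(manifest.keys() - current.keys()),
        "changed": sorted(k for k in manifest.keys() & current.keys()
                          if manifest[k] != current[k]),
        "unexpected": sorted(current.keys() - manifest.keys()),
    }

def churn_ratio(prev, new):
    """Fraction of files present in both generations whose content differs."""
    common = prev.keys() & new.keys()
    return sum(prev[k] != new[k] for k in common) / len(common) if common else 0.0

def safe_to_rotate(prev, new, max_churn=0.5):
    """False when most files changed at once: keep the older generation, investigate."""
    return churn_ratio(prev, new) <= max_churn

def demo():
    # Constructed sample data: gen2 has every file rewritten, as after mass encryption.
    with tempfile.TemporaryDirectory() as tmp:
        gen1, gen2 = Path(tmp, "gen1"), Path(tmp, "gen2")
        gen1.mkdir(); gen2.mkdir()
        for name in ("payroll.db", "permits.csv", "gis.dat"):
            (gen1 / name).write_bytes(name.encode() * 100)
            (gen2 / name).write_bytes(os.urandom(300))
        manifest = build_manifest(gen1)
        (gen1 / "permits.csv").write_bytes(b"altered after backup")
        return verify_backup(gen1, manifest), safe_to_rotate(manifest, build_manifest(gen2))

if __name__ == "__main__":
    print(demo())
```

A backup job would run `verify_backup` on a schedule against the stored manifest, and call `safe_to_rotate` before deleting or overwriting the previous generation.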
And of course, at Wedge Networks we try to make things a bit easier with our Wedge Advanced Malware Blocker. We know that the human factor will always be there and that sometimes patches get missed. Employing WedgeAMB provides municipalities with that extra blanket of comfort by being able to detect and BLOCK advanced threats, never-before-seen malware and other suspicious content BEFORE they can even reach the endpoints. We’ve always taken the Proactive approach to security and with our patented Deep Content Inspection and orchestrated threat management of the industry’s best-of-breed malware heuristics and artificial intelligence, we are hoping to help municipalities protect themselves by PREVENTING ransomware attacks. Hopefully if more cities out there take this approach, we can stem the tide of ransomware that seems almost like an inevitability. You can try WedgeAMB for FREE on a 90 day trial. Contact our team at: email@example.com to learn more.
We are thrilled that yesterday, July 11, 2019, at the 87th Annual Meeting of the United States Council of Mayors, US mayors voted and vowed against paying for ransomware, affirming:
“NOW, THEREFORE, BE IT RESOLVED, that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach.”
We applaud wholeheartedly! Well done!