2019 continues to be a year filled with ransomware attacks. One of the key themes at DHS’ 2nd Annual National Cybersecurity Summit was the rapid and overwhelming increase in cyber attacks on businesses and local governments. For example, Verizon’s 2019 Data Breach Investigations Report indicated 24 percent of all instances of malware involved ransomware. Malwarebytes, an internet security company, reported that the detection of ransomware attacks on businesses in 2019’s Q1 increased 195 percent from 2018’s Q4. According to Johns Hopkins University Professor Avi Rubin, many of the recently reported attacks were specifically focused on local governments and municipalities because “they tend to have lower IT budgets than they should.”
Ransomware attacks involve loading and executing specialized malware on unsuspecting computer systems. These frequent and difficult-to-defend attacks can begin when a user opens a realistic phishing email or visits a corrupted website, or when a hacker exploits an externally facing misconfiguration. Depending on the desired outcome, once infection has occurred the attacker can seek to spread the infection more broadly, harvest information, freeze the system, deny access, and/or threaten distribution of sensitive information until they are paid.
Bottom line, ransomware has become a form of extreme criminality, and often “cyberterrorism,” and has caused severe harm to public and private sector organizations alike.
You’ve seen the reporting: 23 local Texas governments were hit by an organized ransomware attack last month. However, only one of the 23 localities was able to stop it. This particularly educated IT team was able to immediately locate the infiltrated computer and remove it from the network during the first 40 minutes of the attack. The other 22 local governments lost important information and had to spend hundreds of thousands of dollars to repair and replace their systems. Baltimore also fell victim to a separate attack on May 7, 2019, losing control of over 10,000 computers. In late 2018, Atlanta paid hackers $51,000 worth of bitcoin (six bitcoin) and lost millions of dollars because the tax, fee, and general maintenance systems were all shut down. U.S. cellular and utility companies have been repeatedly targeted, sometimes compromising sensitive data and information.
This past week, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) held its 2nd Annual National Cybersecurity Summit, highlighting ransomware and other important cyber risk issues and solutions. From sessions such as “Protecting States from Ransomware Threats” and “Identifying and Managing Emerging Risks,” we learned that one of the biggest issues for state and local governments is not necessarily the need for new tools and technology but the lack of resourcing that goes into the state’s IT departments, specifically into IT security education, training and awareness, and the shrinking pool of available (and affordable) cybersecurity experts. As a result, states are often unable to maintain important protection and detection controls and are not able to properly educate their employees on how to avoid phishing scams and malware-based websites.
All organizations continue to be vulnerable to and threatened by a seemingly growing number of adversaries that are looking to financially disrupt and exploit business and government systems. Moving forward, CISA recommends security teams work to continuously maintain and patch systems and software, instill and foster security awareness and training programs, invest in effective malware detection technology and prevention systems, and employ and test data backup capabilities.
Relatedly, The Chertoff Group offers a ransomware-specific evaluation, called the Ransomware Readiness Assessment, that organizations can use to understand their readiness and resiliency in the event of a ransomware attack. Chertoff Group team members work directly and onsite with security operators to assess the organization’s protective, detective, response and recovery controls and help optimize in-place tools and technology to mitigate risk and reduce the threat and impact of ransomware.
Ransomware attacks have increased dramatically, and the consequences can be crippling. It is important to take the necessary steps now to ensure your organization can detect and respond to this threat quickly, or you risk the consequences and significant costs associated with having to restore your systems once they have been shut down.
Chris Duvall is a Senior Director at The Chertoff Group, where he works with clients to assess their security and risk management capabilities in addition to improving overall security programs and operations.
Rory McCarthy is an intern at The Chertoff Group, providing helpful analysis, research and support for Chertoff Group clients and activities.