According to a recent article in The Hill, state and local governments across the United States have seen a sharp upswing in the volume of ransomware attacks since the beginning of the COVID-19 crisis nearly three months ago. “We are seeing a lot more malicious activity, especially a lot of activity related to COVID-19,” shared CIO of the City of Atlanta, Gary Brantley, in the article.
Ransomware was already a significant threat to business operations and delivery of citizen services prior to the pandemic and, likewise, state and local government agencies were already struggling to mitigate the attacks without paying the ransom. While state and local governments are anticipating additional funding from Congress to help bolster cyber defenses as agency staff continue to work remotely, there are steps that they can take now to mitigate ransomware attacks.
We had the opportunity to talk with Eric Nail, Systems Engineer with Pure Storage, to find out more about why ransomware is such a persistent threat, why states and localities don’t need to pay the ransom to restore their data, and other strategies they can use to mitigate the looming threat of ransomware attacks. Read on to find out why he thinks state and local governments shouldn’t pay the ransom and should invest that money in Flash backup and restoration solutions.
Government Technology Insider (GTI): Why is ransomware such a significant problem for state and local governments?
Eric Nail (EN): Ransomware is a serious problem because it’s a low cost, low risk, high reward attack. Cyber attackers are rarely sent to jail for executing a ransomware attack, yet there’s a very high probability that they’ll receive a monetary payoff. While organizations are reluctant to discuss the issue of ransom payment, it’s widely accepted that more than a half, close to two-thirds, of organizations will actually pay the ransom; that makes ransomware big business. Until this balance changes, ransomware is going to continue to be one of the most common and painful problems we face.
GTI: Is it their data that makes these organizations an appealing target, or is it the criticality of the services they deliver?
EN: What makes state and local governments an attractive target is both the data they hold and the criticality of the services they deliver. Right now we’re seeing ransomware attacks evolve. The goal of most ransomware is to encrypt an organization’s data so it can’t be accessed until the ransom is paid, but attackers are now also threatening to reveal the data so that it can be used against the organization, an individual, or anyone whose data is caught up in the attack. Recently, a criminal organization threatened to release sensitive information belonging to President Trump if a ransom wasn’t paid, proving that anyone with a digital footprint is a potential target. These days, no one is immune.
GTI: Are we seeing a rise in ransomware attacks during the pandemic?
EN: We are absolutely seeing a rise in ransomware attacks during the pandemic. The rapid roll-out of remote work for many employees created the ideal conditions for ransomware attacks to flourish. These attackers know that our home computers and networks are far less secure than the corporate networks and they’re taking advantage of that. They’re also taking advantage of the disruption in routines and the very human impacts of this crisis to slip through our defenses.
Anytime there’s a humanitarian crisis – be it wildfires, hurricanes, or a global pandemic – there’s an opportunity for criminal organizations to launch ransomware attacks via phishing emails. Combine that with disruptions, distractions, and weakened security and it creates the perfect opportunity for an attack to slip through our defenses and exploit valuable data.
GTI: Is paying the ransom the only option that these organizations have?
EN: It might seem like paying the ransom is the only option but, fortunately, it isn’t.
The first thing to know is that fewer than half of the organizations that pay the ransom actually get their data back. Think about that for a minute – the odds of getting your data back after having paid a significant sum of money is less than 50-50. Those are not good odds.
And it gets worse. Even if you do pay the ransom and you do get your data back, there’s no guarantee that they won’t strike again. There are far too many organizations that have paid the ransom only to be hit again just days later. The bad guys know that the organization is still vulnerable, and they know that they’re willing to pay.
So, based on these odds and with the implementation of effective mitigation strategies, which should include both cybersecurity defenses and data management, paying the ransom really shouldn’t be considered a first, second, or third option.
GTI: What’s the alternative to defeating ransomware?
EN: Defeating ransomware is no longer just about preventing an attack from happening. State and local governments should focus on being resilient and able to recover from an attack. Ransomware attacks are advancing so rapidly that it’s wiser to assume a breach is inevitable.
The smart strategy begins with identifying what’s going to happen when our organization is attacked and how we’re going to make the recovery process as fast and as painless as possible. This recovery process is dependent partly on a solid IT security strategy, but a good data protection strategy is just as important.
Your data protection strategy is the last line of defense against not only catastrophic data loss, it also ensures business continuity and protects against reputation loss.
GTI: Data restoration isn’t on the top of anyone’s list because it’s a heavy lift, what can be done about that?
EN: First of all, it’s important to understand that there’s a world of difference between having your data backed up and being able to get back up and running quickly. I’m mystified when I meet with IT teams who focus on backup times and retention periods, without understanding what their restore time is. It’s the restore time that matters the most during a crisis.
When the worst happens and your agency’s data is unavailable, being fast is critical. Flash-based storage lets you restore incredibly quickly, usually within hours – when those hours matter the most. Not having a fast Flash-based backup and recovery solution these days leaves you dangerously vulnerable when you’re hit by ransomware, malware, or a laundry list of other threats. The good news is that Flash-based storage doesn’t cost what it used to and is now also available as a pay-as-you-go service.
GTI: Any final words of wisdom to share?
EN: Ransomware illustrates just how interconnected our organizations are. IT security isn’t just for the IT department anymore, it’s actually a digital hygiene issue that everyone in the agency is part of. From design to implementation to administration, we need to keep this important change in perspective front and center.
Good cyber defenses aren’t enough. Today’s agency also needs a robust and fast data storage environment to restore critical data and systems quickly. In addition, an ongoing education program for all employees is essential. Only when all three of these are in place can an agency really be safe from ransomware. When the inevitable attack happens, they won’t have to pay the ransom and be at the mercy of attackers to continue to deliver on their mission.