The threat of Ransomware continues to grow and impact public sector agencies. Since the WannaCry attack in 2017, ransomware attackers have been relentless in their pursuits. Take the City of Baltimore as an example. Baltimore was first attacked in 2018 and shortly after, as it was recovering, the city became a victim again as it was hit a second time with a ransomware attack in 2019.
Rather than pay the ransom, Baltimore’s leaders chose to focus on recovery efforts, which were estimated to exceed $18 million for just the 2019 attack. While cities and states seem to make the news for ransomware attacks more frequently, the federal government is also battling this relentless enemy. According to a recent report by Verizon, The Growing Ransomware Threat to Government Agencies, 30 percent of federal agency respondents reported their agency had fallen victim to a ransomware attack – a significant threat for agencies.
The 2020 Verizon Data Breach Investigation Report (DBIR), found ransomware was the most common form of malware impacting government agencies last year, accounting for over 60 percent of malware varieties in Public Administration incidents. While these numbers should be concerning to federal IT professionals, it’s estimated that these findings are merely just a glimpse into how often ransomware attacks are occurring. “The estimate is less than 10 percent [of ransomware incidents are] getting reported,” said Matthew O’Neill, Assistant Special Agent in Charge with the U.S. Secret Service.
The 2020 DBIR found that 39 percent of Public Administration organizations have experienced a compromise involving a mobile device. With a shortage of qualified IT staff and with remote work leading to government assets, to include laptops and mobile devices being dispersed more than ever before across the country, it is imperative that agencies bolster their security posture in tackling ransomware threats. The first step to bolstering security is to understand the threat and how it’s targeting agency assets.
Government agencies that handle sensitive data like Payment Card Information (PCI), Personally Identifiable Information (PII), and Protected Healthcare Information (PHI) and must educate themselves about ransomware attack tactics and trends. “That’s a prime target for any cyber attacker,” O’Neill said. For governments, cyber-attacks are glaring issues that can cause public uncertainty, creating the need to quickly fix these problems – which is why some agencies have chosen to pay ransom demands. “They just want to be up and running,” O’Neill shared.
“For agencies to combat these threats, they must understand how threat actors operate – how they infiltrate systems and devices, how they maneuver once inside, and how they continue to evolve their tactics to stay that proverbial one step ahead of cyber defenders and incident responders,” said John Grim, Head of Research at the Verizon Threat Research Advisory Center. “Let’s not forget the current challenges faced by many organizations with employees working from a familiar location, but in unfamiliar circumstances: those working from home, and even more so, from potentially anywhere. This dynamic poses two primary challenges: the technical cybersecurity aspect and the non-technical aspect – the Human Element. Threat actors are well aware of the potential they have here.”
The report takes a deep dive into the threat and victim aspects of ransomware, specifically focusing on the tactics, techniques, and procedures leveraged by threat actors, and the actions that their targeted victims can take to better prevent, better mitigate, better detect, and better respond to ransomware attacks.