Stopping a Ransomware Attack Before it Happens: Advice for State and Local Governments

The dramatic rise in ransomware attacks against state and local governments is troubling on multiple levels. The most urgent, of course, is the risk to public safety, as disruptions to key systems can result in unintended, and sometimes catastrophic, consequences, including loss of life. Meanwhile, everything from taxes to traffic ticket fines go uncollected, while day-to-day functions that citizens take for granted, such as real estate filings, access to healthcare, and even car registrations and driver’s license renewals are suspended.

The malicious actors behind these attacks grow more sophisticated daily and have been able to pinpoint not only how to plant their malware into vulnerable systems, but also just how much to charge to make it worthwhile for a victim to simply pay the ransom. Some municipalities have done just that: pay the attackers tens of thousands of dollars, rather than incur the costs of re-creating their data (as well as the costs of operating manually until their systems are restored).

The traditional approach to cybersecurity is reactive – plugging the hole and struggling to rebuild systems only after an attack has taken place. Conventional antivirus and anti-intrusion detection solutions frequently can’t stop these attacks, and many municipalities simply don’t have the budget to invest in more robust security.

In their latest white paper, Blue Ridge Networks explains how city, county, and state governments can turn the tables on malicious actors by preventing ransomware from infiltrating their systems in the first place. After explaining how ransomware works, and why it is so insidious, it takes a close look at why techniques based on detecting malware fail.

In place of reactive solutions, a multi-layer endpoint defense is offered as a new best practice for public sector organizations. Instead of relying on signatures, which are only effective against known malware and ransomware, this new approach identifies and blocks suspicious activity automatically stopping both known and novel malware. Moreover, this approach does not require cybersecurity expertise and a large, dedicated security staff. It also eliminates most of the other costs associated with traditional endpoint protection.

With no sign that ransomware attacks against public sector organizations are slowing it’s time to take action against malicious actors and begin to stem the financial and reputational costs of these exploits.

Ready to learn more? You can access the best practices here.