Recently, 22 different cities across the State of Texas were hacked and hit with simultaneous ransomware attacks – attacks where computer systems or data are effectively held hostage for a monetary ransom. And Texas isn’t the only victim. According to an excellent article in the New York Times highlighting a rash of recent ransomware attacks on cities and municipalities, there have been more than 40 such attacks on municipalities this year.
So, how can your city or state avoid becoming the next headline due to a ransomware attack? The best way is to make yourself a hard target.
Cybercrimes, just like crimes in the “real world,” are crimes of opportunity. They’re also a volume business. Attackers who find success with an exploit or technique focus their efforts on using it to infect as many targets as they can to maximize their profit. Because we rely so much on computers and the Internet, a ransomware attack can disrupt not only your business, but your personal life as well. With knowledge, planning, and good practices, you can avoid being another casualty.
Here are ten things that your municipality can do to avoid becoming a target:
- Security awareness training – We mentioned knowledge first for a reason. One of the simplest ways to avoid ransomware is to educate yourself and your users. An understanding of ransomware, how it works, attack vectors (like phishing and social engineering) and prevention methods is vital to protect yourself.
- Software updates, patches and configuration – Cybersecurity hygiene for your endpoints will go a long way to preventing ransomware. Attackers often seek to gain access to your network and systems by exploiting common vulnerabilities and misconfigurations. Ensure that security patches and software updates are regularly applied. Disable any unneeded applications or features.
- Email protection – Utilize an email gateway that provides real-time inspection and detection of email contents and attachments to find and block malware threats that might otherwise escape notice.
- Current inventory of hardware & software assets – You can’t protect yourself against threats if you don’t know what you’re protecting. To defend your network, you must know which connected devices are legitimate and which are unsanctioned. This includes BYOD and IoT devices. Understanding and controlling the permissions assigned to devices is also critical. In addition, you should ensure you’re using the most secure applications that meet your needs.
- Reliable backup and recovery – Regularly backing up data used to be recommended in order to recover from failures of storage hardware. With the rise of ransomware, a solid backup and recovery plan is essential to protect your data in the event of a successful attack.
- Real-time traffic monitoring – Yes, you should be filtering and blocking inbound connections, but you should do the same for outbound traffic as well. Once ransomware gains access, it usually contacts a command & control server to initiate the encryption of your data. Any suspicious traffic, in or out, should trigger an alert and further investigation.
- Implement intrusion detection and intrusion prevention systems – IDS/IPS tools automate recognition of suspicious or malicious activity and generate alerts. IPS can also take action to block or mitigate attacks. Often these tools are features of next-gen firewalls. They may also incorporate behavior monitoring.
- File integrity monitoring – Unauthorized access or alteration of business-critical data can indicate an attack. Set up file integrity monitoring to automatically alert you to abnormal user behavior that may indicate ransomware.
- Log monitoring and analysis – Attackers leave tracks – evidence of their activity within your network. A SIEM tool (security information and event management) will analyze system, application, activity, and security logs and flag anomalous behavior. User and entity behavior analytics (UEBA) will “learn” what normal user activity looks like and alert you when something unusual occurs.
- Continuous threat intelligence – Using security tools that incorporate threat intelligence, or ingest it from other providers, ensures that you are using the latest information on threat actors and their capabilities, techniques, targets, and goals. Many threat intel providers utilize artificial intelligence and machine learning in predictive ways to help detect and prevent attacks before they are even launched.
If your municipality implements these ten things, it will be a harder target for hackers to attack, and could keep itself out of the headlines as the next victim of ransomware.