The risk of being hit by a ransomware attack is real and growing. Municipalities and states are the favorite targets of these digital extortionists. And ransomware attacks on local governments show no signs of slowing down. Recently, there has been an increase in ransomware attacks against municipal organizations. According to a recent report, at least 174 cities, towns, and government agencies experienced ransomware attacks in 2019, an increase of 60% from 2018.
Many organizations reject payments and, in the absence of processes and functions to regain access to their data, these attacks disable critical services that can be manual for days, weeks, or even months. I have no choice but to trust the operation. Even more problematic is that the villains are doing everything possible to take advantage of the coronavirus pandemic.
While these attacks are detrimental to any agency, when it comes to cities and towns, hackers take valuable data hostage, shut down services, and demand an average of $ 1 million to release the data. According to a recent survey, a third of organizations affected by ransomware attacks pay attackers money.
So how can a municipality protect itself from these attacks? With the evolution and proliferation of ransomware threats, backup data must be managed ransomware services so that it cannot be corrupted or modified, and rapid recovery is required. It begins with developing a comprehensive cybersecurity plan to protect people and systems. When it comes to attacks, the weakest are people. Recent research has found that human factors are responsible for most of the network outages and vulnerabilities today. You only need one successful attack to create chaos.
Here are some of the best personal practices:
- Do not click on unverified links
- Don't open untrusted email attachments
- Download only from trusted sites
- Do not provide personal data.
- Do not use unknown USB
- Use VPN while connected to a public wifi network
The good news is that while this digital extortion scheme is becoming more conscious, the more sophisticated and targeted attacks target backup data and infrastructure, threatening companies around the world. In compromised cities, mistrust of customers can lead to more serious financial losses and, in the case of medical care, harm the health of patients.
For municipalities and states, protection against ransomware involves preparing and adopting the appropriate processes and technologies. A comprehensive disaster recovery and business continuity architecture can assess potential risks and threats. With careful planning, local governments have the tools they need to stay operational and protect and retain relevant information about backing up their data.
To protect critical infrastructure, local governments and businesses must remember these simple principles. Prevent, Detect, and Recover.
A multi-level approach is important to protect against advanced ransomware attacks. This means that local governments must take several precautions to keep your data safe. This includes immutable time-based snapshots of backup data, multi-factor authentication to reduce the risk of phishing schemes and other password attacks, and security officers to "block" copies of backup data from other security officers. It includes features that allow administrators and even administrators to do so. Personnel cannot modify or delete them. Data separation based on strong air gaps can provide an additional layer of defense against ransomware.
It is important to sound an alert as soon as possible if the attacker breaks through the defense. The backup solution must use machine learning to provide anomaly detection to determine when the data change rate of the primary file deviates from its normal pattern. When this happens, alerts are sent to IT administrators as well as third-party support teams to help stop the attack.
In the event of an attack, the municipality must be prepared to recover quickly to avoid significant downtime. Predefined workflows must exist so that everyone knows their roles and responsibilities and can respond quickly and in a coordinated manner. Rapid recovery should include machine-driven recommendations for recovering clean data, as well as extensive recovery capabilities (on-premises and in multiple cloud environments). Both are important to protect against painful stops.