Ransomware attacks are hitting governments—can they fight back?

Getting your Trinity Audio player ready...

Ransomware attacks aren’t a new concept. They have been around since 1989 when the first such attack was identified and traced back to a Harvard University graduate, Joseph L. Popp. The proliferation of attacks in the past several years has maintained ransomware in the news, given their routine link to requests to be paid in cryptocurrency. As government organizations continue to be attacked, the question of how to combat the issue is increasing. Fortunately, there are solutions.

In 2018, there were 53 ransomware attacks in the U.S. alone that targeted state and local government operations. In the first nine months of 2019, according to antivirus software provider Emsisoft, there were 68 attacks against government agencies. In the majority of the cases, the ransom isn’t paid, with organizations relying heavily on their IT staff to put things back to normal.

Ransomware is a crime of opportunity. It’s easy enough for a hacker to scour computer systems to find vulnerabilities, just like a thief could drive down the street looking for an open garage door that could be exploited. The fact that payments are requested via crypto has nothing to do with the digital currency itself—it’s just another way to facilitate the activity and get paid quicker. If a hacker could be paid in fiat in only a matter of minutes, it would be used.

There are methods that can be implemented on both a local and a global level that would reduce the number of attacks, even though the truth remains—there will always be those individuals who are prone to criminal activity and believe that they can’t be caught. That misguided belief has already proven to be costly (read: Bitcoin trail leads to massive child porn ring bust).

On a national or global level, there needs to be a central database of ransomware in order to allow for better tracking. According to the CEO of Coveware, Bill Siegel, “The research showing that 48 out of 50 states have had a municipal organization impacted by ransomware is not surprising. As our country comes to grips with the importance of cybersecurity, centralized reporting of these incidents is critical, given their prevalence. Without reporting, how will we know if our country is under systemic attack at the state or local level verses just at the federal level?”

On a local level, there are ways to prevent attacks. Business computer networks need to be locked down as tightly as possible, allowing for only official communications without the possibility of introducing personal items, such as a USB drive or other device that could be compromised. Antivirus software and firewalls are as much a requirement as are the mouse and keyboard and need to be completely up to date at all times.

Allowing Internet traffic to only sites that are required for the job functions will also help to reduce the risk of exposure and can be controlled through white or black lists. No matter what, email scanning and download controls are obligatory, not a luxury. The cost of implementing these controls is exponentially lower than the cost of not implementing them.