#HowTo: Protect the Public Sector from Increasing and Sophisticated Ransomware Attacks

Just over a year ago, Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), said that ransomware poses “the most immediate danger” to UK businesses in cyberspace. Her statement still rings true, as ransomware attacks on public sector organizations are skyrocketing, threatening governments and communities around the globe. The last several months alone have seen government systems in Costa RicaChile, and Montenegro breached by ransomware actors, with critical infrastructure, like Italy’s state-owned energy services firm GSE, getting caught in the crossfire. 

Organizations in healthcare and education have also fallen victim to ransomware gangs like LockBit, who know that the consequences of disruption to public services can potentially impact the lives of millions of people. The public sector needs to be hyper-focused on protecting themselves and the populace from this growing threat. As European Cybersecurity Month highlights ransomware as a key theme, it serves as a timely reminder of why it must be stopped in its tracks.

Mitigate the Risks

Ransomware activity surged by 21% in Q2 this year compared to the same period last year. While the infamous group, Conti, ceased operations during this time, it only left a void for LockBit to fill. However, there are a few key things organizations can do to mitigate the risk of attack, such as taking a proactive approach to cyber defense by monitoring for attacks and quickly patching any vulnerabilities that are uncovered. 

As simple and repetitive as this sounds, it often comes down to getting the basics right. Ensuring your strategy allows your security and IT teams to implement good identity and password management and patch management processes, enable protections like firewalls and correctly configure your endpoints and networks are all critical actions. Finally, having good backups that have been tested and are resilient to malware is vital to an incident response and crisis management plan. The NCSC’s ’10 Steps to Cyber Security’ guidance provides an essential starting point for security professionals within medium to large organizations.

Rapid Response and Guidance

Speed is paramount. If a hospital is hit by ransomware, patients’ lives could be endangered, as witnessed during last year’s HSE cyber-attack in Ireland. Implementing a solid internal response plan is one thing, but reporting incidents and getting support from local and national authorities must be the next step. However, according to a recent threat landscape report by the European Union Agency for Cybersecurity (ENISA), that’s not always the case.

Shortcomings exist within EU reporting mechanisms. For example, the report found that from May 2021 to June 2022, in nearly 95% of ransomware incidents, it was unclear whether the impacted company paid a ransom or not. Even more concerning is that the information about the disclosed incidents is limited since, in most cases, the affected organizations are unaware of how threat actors managed to gain initial access. 

Liaising with the authorities quickly gives you the best chance to take on and eventually recover from a ransomware attack. Being transparent with those impacted by the attack also goes a long way to mitigate reputational damage. Cyber agencies, like the NCSC in the UK, are the experts and have advice to guide any affected organization. Their technical advice, access to information and ability to coordinate cross-government responses are invaluable in the aftermath of an attack. 

Collaborative Advantages

Governments and agencies around the globe are playing a greater role in active cyber defense. Just as ransomware incidents have increased in frequency, so too has the occurrence of coordinated activity against ransomware gangs. Multi-government takedowns, such as the effort against the FluBot spyware this summer and the REvil shutdown last year, have become a welcome sight. Collaboration is what makes actions like this possible. 

Following the European Commission’s pledge last year to create a Joint Cyber Unit, this summer, NATO announced its own plans for a cyber force. This demonstrates that nation-states are warming to the idea of opening their security apparatus to allies. Besides joint takedowns, simpler actions such as increased sharing of national assets, intelligence, strategies and tactics will put all parties in the best position to counter future threats. Ensuring organizations are prepared to respond to cyber incidents is the next crucial step.

The NCSC has called for a ‘whole-of-society approach to cybersecurity,’ and they’ve been a shining example of collaboration working well. Its frequent threat advisories distributed in conjunction with other nations have been made possible thanks to intelligence sharing and lockstep coordination in public responses. Looking at the bigger picture for public sector organizations, collaboration in this regard is an important aspect, but it’s more beneficial to look at it alongside taking the basic preparatory steps to mitigate threats and ensuring quick coordination with the proper authorities when danger does strike. The more everyone can consistently execute these actions, the better and more protected our society will be.

What’s Hot on Infosecurity Magazine?