The recent ransomware attacks that affected government sites in Texas were an almost complete win for attackers trying to blackmail small municipalities. In mid-August, attackers hit 22 local governments in the state, locking up their files.
Last week, yet more ransomware attacks hit municipal institutions across the US. They included school districts in Connecticut, Idaho, New York, Virginia, and Washington, along with the administrative offices of Lake County, Indiana, and the Stevens Institute of Technology in New Jersey. While the Texas governments haven’t yet revealed the ransomware that infected them, at least three of the latest incidents involved Ryuk, and at least one victim reportedly paid.
Not everyone infected by ransomware in the Texas incident fell victim to it, though. An in-depth report in The Wall Street Journal revealed how a fast-thinking in-house technology director at Lubbock County yanked an infected computer off the network before it had time to spread. Many other departments rely on external IT services companies that might not be as quick to act. Small municipalities are a common target because they often have smaller IT budgets than they should, according to Johns Hopkins University professor of computer science Avi Rubin, cited in the article.
How can these small cash-strapped governments get ahead of the ransomware threat? They can use a mixture of techniques and tools at various points in their infrastructure. The first and most critical measure is an effective backup strategy. This means backing up files offline and maintaining multiple versions, paying close attention to the required recovery point object (RPO), which dictates how frequently they back up their files.
Another step is endpoint protection. Harden endpoint devices with proper software patching, along with effective endpoint security solutions (even a basic malware scanner is a start).
Stop malware spreading by segmenting the network to stop ransomware spreading from department to department. This is especially true for critical services like emergency response and operational networks that control things like traffic lights and municipal water.
Finally, as always, end-user education is a powerful tool. Explain the ransomware threat and warning people of the infection vectors and how to avoid them. This includes not clicking on suspicious files or links and not inserting USB keys into drives. Ideally, administrators will lock down those USB ports centrally using Windows' Group Policy tool.
Part of that training also involves encouraging staff to warn admins of suspicious activity. In Lubbock County’s case, an eagle-eyed employee called the tech department at once when they saw filenames morphing in front of them. That made all the difference.
No one technique may not be sufficient on its own, but together, they form a layered defense strategy that could just save a local government’s files.
