State, local and tribal governments across the nation are under assault by cybersecurity criminals. In fact, 22 cities in Texas were attacked simultaneously by a ransomware attack that has brought governmental resources and services to their knees with ransom demands well into the six-figures. We are also aware of multiple tribal governments that are experiencing similar issues. There is no doubt that governments are being actively targeted by hackers. Wipfli doesn’t want the work you’re doing in your community to be interrupted. We encourage you to be aware of the current threats, get access to reliable resources and plan ahead in case you have to take action.
Ransomware is a variant of malicious software (malware) that encrypts data. Hackers then extort victims for a ransom payment in crypto currency (e.g., bitcoin) to provide the decryption key. If an organization cannot restore from its backup, it needs to either pay the ransom or lose the data forever.
The average ransom payment is $12,000, but this is only a fraction of the cost when you factor in business downtime, data loss and other expenses in dealing with an incident. In fact, when the Baltimore City government was hit with ransomware earlier this year, the estimated cost to recover was over $18 million, although the ransomware demanded only $76,000 worth of bitcoin. Being prepared for a ransomware attack is crucial.
Last year, Wipfli published Ransomware: Avoiding a Hostage Situation. The recent attacks are a good reminder to review the tips for avoiding and responding to ransomware. Here are some of the basics:
- Reduce the attack surface:
- Run up-to-date software and hardware.
- Replace systems that are no longer supported (e.g., Microsoft XP, Windows 8).
- Train employees:
- Don’t click on attachments in emails you are not expecting.
- Immediately disconnect your computer from the network if you suspect you have malware to contain the spread.
- Save important data to a network drive if computers and laptops data are not backed up.
- Test backup and recovery capabilities.
- Conduct a ransomware tabletop exercise (mock drill) to improve resilience and awareness.
- Consider implementing advanced endpoint protection to detect and isolate malware automatically.
Is your organization prepared in the event of a ransomware attack? If you have questions or need assistance, please contact Jeff Olejnik, Wipfil’s cybersecurity service line leader, at jolejnik@wipfli.com.