Local and state governments are increasingly becoming ransomware victims. Even worse, some of them are paying large ransoms to get their data back. Find out how one county government avoided giving in to the cyber extortionists’ demands.
An unprecedented number of government entities in the United States were besieged by ransomware in 2019. More than 110 local and state governments fell victim, some of which gave in to the cyber extortionists’ demands. For example, two cities in Florida — Riviera Beach and Lake City — paid ransoms of $600,000 and $490,000, respectively, to get their records and systems back. The price wasn’t as high for the city of New Bedford in Massachusetts. Although the cybercriminals demanded a whopping $5.3 million, the city offered to pay $400,000, which the hackers accepted. Similarly, La Porte County in Indiana paid a reduced ransom thanks to negotiators who bartered it down to $130,000.
Although giving in to cyber extortionists’ demands might be the quickest and easiest course of action for ransomware victims, it is contributing to the rise in ransomware attacks. The more local and state governments pay up, the more hackers will target them. Even worse, these government entities are often easy targets. They typically do not have the budget to properly protect their systems and data.
Because local and state governments are easy targets with a history of paying up, the onslaught of ransomware attacks is expected to continue. Many local governments have already become casualties in 2020. For instance, the cities of Ingleside (Texas), Oshkosh (Wisconsin), Racine (Wisconsin), and Wayne (Nebraska) fell victim, as did the counties of Grayson (Texas), La Salle (Texas), and Rockdale (Georgia).
One Victim’s Story
Like companies in the private sector, organizations in the public sector are usually reluctant to share detailed information about their ransomware attacks. The Rockdale County government, though, decided to go against this norm and share its story — an act to be commended, as organizations in all industries can learn from its experiences.
The first inkling that something was amiss occurred on February 6, 2020. Members of Rockdale County’s Technology Services department started receiving alerts that unusual activity was taking place on the county’s network. Upon investigation, they found that there was abnormally high CPU usage on several servers. At that point, the staff members suspected the network was under attack, so they followed the procedures recommended by the US Cybersecurity and Infrastructure Security Agency (CISA) for responding to a ransomware infection. The steps taken by the staff included:
Although the investigation is ongoing, the Technology Services staff and law enforcement officials have already determined that the attack was initiated by a phishing email that had a malicious attachment. Opening the attachment unleashed the ransomware, which was designed to encrypt Microsoft Office files and redirect Microsoft Windows startup processes. The staff and officials also found three other phishing emails that contained malicious links. Clicking one of these links would have similarly led to a ransomware attack.
Rockdale County’s remediation efforts are well underway. As of this writing, the Technology Services staff members have physically removed the infected endpoints as well as restored or rebuilt the compromised servers. They also have installed additional software that detects and protects against malware attacks on every computer in the network. They customized the software’s rules and settings to optimize its effectiveness.
In the near future, the county will be implementing solutions designed to filter out phishing emails and block suspicious Internet addresses. Other cybersecurity tools that monitor and respond to questionable network activities are also being considered.
Be Prepared
As Rockdale County’s experiences demonstrate, organizations do not have to give in to cyber extortionists’ demands if they become unwitting victims of a ransomware attack. Instead, they can follow the incident-response recommendations of security experts like CISA, which apply to organizations in both the public and private sectors.
Even better, organizations in any industry can take measures that will lessen their likelihood of becoming a ransomware victim. Besides investing in cybersecurity tools and solutions, organizations can educate employees about ransomware attacks and how to avoid them. We can help you develop an effective strategy that will help keep your organization safe.