How to Keep Your Municipality Safe from Ransomware Attacks
Ransomware is an ever-present danger to any organization that relies on its information technology (IT) environment. An attack attempts to encrypt the data on storage devices so that the information cannot be used. Unfortunately, municipalities and local government agencies have become attractive targets for ransomware gangs.
This post looks at why municipalities are targeted and what they can do to mitigate the risk of becoming a victim of a ransomware attack.
What is a Ransomware Attack?
Ransomware is a particularly malevolent form of malware that is used by cybercriminals to extort financial resources from its victims. A successful ransomware attack can shut down mission-critical systems indefinitely, causing all kinds of problems and impacting a municipality’s ability to serve its citizens.
An attack begins with hackers successfully planting the malware on a targeted network or system. The criminals obtain the unauthorized access they need by compromising credentials through phishing or by tricking users into clicking on a malicious link.
Once the ransomware is resident on the targeted system, it encrypts the system's data, making it unusable. Some ransomware attacks also exfiltrate data before encrypting it, posing additional risks to the victimized organization. Criminals may threaten to expose the data if the ransom is not paid, and the data may be sold on the dark web.
Very often, the ransom is demanded in a form of cryptocurrency. Organizations hit by ransomware need to decide whether or not to pay the ransom. There are risks associated with either choice.
Why are Municipalities Often Targeted by Cybercriminals?
Ransomware gangs have found it is financially beneficial to target specific systems rather than spread their malicious code randomly. They look for potential victims based on two criteria that often apply to local government agencies and municipalities.
High-value targets – Ransomware attacks try to impact mission-critical systems with a high value to the victim. They want to bring down important systems that will influence the victim’s willingness to quickly pay the ransom. Encrypting a random print server is not likely to result in the same financial gain as shutting down a local government’s health services system.
Municipalities depend on their computer systems to provide services to their citizens. Outages can severely affect the ability to fulfill the duties of local government. Ransomware attacks have been responsible for delaying COVID-19 vaccinations and other actions that endanger public health and safety.
Inferior cybersecurity defenses – Cost-cutting and budgetary constraints often result in a reduced availability of IT resources to address the needs of municipal computing environments. The consequence of a lack of resources is inferior security that makes it easy for hackers to gain access to the network and plant ransomware.
Municipalities have to make every effort to strengthen their IT security to ward off cybercriminals. In the absence of additional resources, they should, at a minimum, follow best practices that can be implemented without an extensive IT budget.
How to Protect a Municipality from Ransomware Attacks
The overriding defensive tactic to guard against ransomware is for organizations to keep it out of their IT networks. This begins with an overall cybersecurity strategy with the goal of eliminating all malware threats to the computing environment. The following specific cybersecurity practices should be in place to protect a municipality from ransomware.
- Design a comprehensive cybersecurity strategy that implements firewalls, antivirus, and intrusion detection tools to eliminate unauthorized access to IT networks and systems.
- Install system patches promptly to close security vulnerabilities discovered by software vendors.
- Provide training to employees so they can recognize phishing emails and other attempts to compromise credentials or plant malware in the network.
- Scan email for known threats and prevent the messages from being delivered.
- Restrict privileged access so compromised credentials cannot be used to install malware.
- Develop and implement a disaster recovery plan that can recover mission-critical systems quickly in the event of a successful attack.
No defense is guaranteed to work 100% of the time. That’s why a vital aspect of staying safe is the ability to recover if an attack succeeds.
Recovering From a Ransomware Attack
Certain actions should be taken immediately if a municipality's cyber defenses fail and it is successfully attacked by ransomware. These activities can help minimize the damage and may shorten the time required to recover the victimized systems.
- Disconnect affected systems from the network as soon as an attack is discovered to prevent the ransomware from spreading to other systems and exacerbating the problem.
- Identify the type of ransomware involved in the attack and perform research to see if there are known solutions to decrypt and recover affected data.
- Determine if the ransom will be paid. This can be dangerous as it does not guarantee data recovery. You’re dealing with criminals who may not supply the decryption keys after receiving the ransom. Paying also encourages the criminals to strike again.
- Get ready to execute your disaster recovery plan for the affected systems. A reliable and well-tested plan allows you to recover without paying the ransom.
Engage a Partner for Enhanced Security
Ransomware is just one of the dangers facing a municipality with inferior IT security. Providing effective protection against ransomware attacks and enhancing the overall security of the computing environment go hand-in-hand. Municipalities should look for a reliable partner if they are challenged by a lack of technical resources or the complexity of implementing viable security measures.
Prescient Solutions has been helping organizations of all types address their IT needs for over 20 years. They will evaluate your IT environment and identify the areas that need to be strengthened to provide adequate protection against ransomware and other cybersecurity threats.
Prescient’s security experts provide guidance in selecting and implementing hardware and software solutions that will make ransomware gangs look elsewhere for an easier mark. They can also assist by consulting on a disaster recovery plan and pointing out weaknesses in your backup strategy that may put your systems at risk. Working with Prescient enhances a municipality’s cybersecurity standing and makes it better equipped to avoid ransomware attacks.