The recent spate of ransomware attacks on Texas municipalities is a harbinger for the future of cyber-crime. In fact, according to various news sources, as of August 23rd, 2019, at least 22 municipalities in Texas have been affected by this recent ransomware outbreak. Although not all of those affected have gone public, there have been enough disclosures that a pattern has emerged.
It seems likely that this outbreak was caused by a compromised Managed IT Service Provider. As a result of the compromise, the Managed IT Service Provider was used as a vehicle to infect multiple municipalities throughout Texas. Significantly, the Texas Department of Information indicated that the evidence points to a single threat actor.
Ransomware is Targeting Governments
People target governments with ransomware for several reasons. The most immediate is that governments provide services such as police, fire, emergency medical services (EMS), utility, water, and zoning. Additionally, the most critical of these services are police, fire, and EMS. Indeed, these life-saving services are disrupted by the loss of 911 and various record management systems upon which these agencies rely.
Another obvious reason is that governments house important data such as birth and death certificates, water, sewage, electric, tax, and payment information. Ransomware disrupts the government’s ability to function and provide the aforementioned services to citizens. However, with this approach, the threat actor is not only targeting data. They are targeting the services that are important to citizens. This effectively ups the ante for ransomware payment motivation from the value of data to the value of human life, which makes the government more likely to pay a higher ransom quickly.
Small Governments and Ransomware
Small governments have a difficult time protecting against a ransomware attack. The mayors and council members are typically not cybersecurity savvy and would often rather allocate funding to non-IT related projects. The primary reason for this is that they fund things that are physically tangible, such as a road or new city bus. Cybersecurity isn’t something that can be seen, so it is often shrugged off as something IT wants but doesn’t need.
With the threat actors targeting these municipalities and the leaders not understanding the severity of the issue, the future might seem relatively dark. However, there is a light at the end of the tunnel and, in this case, it’s not a train. There are some very simple things that small governments can do to strengthen their defense against ransomware.
How to Strengthen Defenses Against Ransomware
The very first thing is to have an incident response plan that includes a provision for a ransomware attack. One of the key questions that should be addressed is: “Will we pay the ransom?” If that answer is yes, the next question is: “Do you have a bitcoin account set up?” Aside from developing an incident response plan, some simple things that can mitigate the damage and decrease the overall ransomware risks are:
- Regularly back up and verify the integrity of data based upon the data’s criticality.
- Evaluate the threat actors likely to spread ransomware through your enterprise and understand their tools and tactics.
- Patch endpoints as new vulnerabilities are discovered.
- Utilize least-privilege user access across the environment.
- Disable or closely monitor connections and vulnerable protocols such as remote desktop protocol (RDP).
- Implement multi-factor authentication (MFA) for user login and access to mission critical files and data.
Ransomware will continue to evolve and threat actors will seek to maximize the impact for greater profit potential. Thus, it may not just be data loss, but possibly loss of life that ransomware will target in the future.