The recent Colonial Pipeline hack, and ensuing gas shortage, have brought the downstream effects of ransomware front and center. As that attack showed us, ransomware is not just a way to extort money from a company; it is a way to disrupt life for hundreds, thousands, even millions of people.
When ransomware first became an attack vector, hackers rarely released data. Instead, they held systems hostage waiting for their payout. That has changed today with hackers leaking the data they gained access to as a way to hasten the payment of their ransom. This “double extortion” extends the impact of the attack beyond company walls and into the lives of people whose data is now out in the open. To assist in ransomware prevention and management, GovWhitePapers has gathered ransomware whitepapers, case studies, eBooks, and other resources, which are specific to the needs of the public sector.
Targeting the Most Vulnerable
Ransomware attacks are complex to stop, as they involve numerous areas of cybersecurity — phishing, insider threat, data access, authentication, and more. State and local organizations, as well as healthcare and educational institutions, are frequently targeted because they typically have fewer resources to put toward preventing this kind of complex attack and they hold incredibly valuable data that can do widespread harm if leaked.
Police and 911 systems are becoming an incredibly attractive target for ransomware. Recently, a cyber-criminal gang breached the Washington, D.C., Metropolitan Police Department’s computer network and published detailed information about nearly two dozen officers, including Social Security numbers and psychological assessments. Other hacks have taken down 911 systems, blocked officers from looking up individuals’ backgrounds during traffic stops, and blocked access to investigative files. Even after access is restored, impacts can linger. If compromised data is used in court, its validity comes under suspicion, because it is hard to prove that the data is the same as it was before the attack.
Buying Protection
Many organizations have turned to cybersecurity insurance to help protect current and future assets against the fall-out from an attack. Not surprisingly, cyber insurance premiums increased markedly in 2020 as these attacks increased in number, severity, and publicity. In fact, public sector entities are finding it difficult to get policies at all.
Even the vendors looking to protect companies from attacks with virus and remediation solutions can be part of the problem. Antivirus company Bitdefender announced it had found a flaw in the ransomware that a gang known as DarkSide was using. They offered a tool that would allow companies to avoid paying millions of dollars in ransom to the hackers. This news alerted DarkSide to the fix, and they set about changing their program before using it to attack Colonial Pipeline.
GovWhitePapers has a number of great resources to help anyone stay on top of the threats related to ransomware.
- Ransomware: What It Is & What To Do About It — This fact sheet provides important information on current ransomware threats and the government’s response, as well as common infection vectors, tools for attack prevention, and important contacts in the event of a ransomware attack.
- Supply Chain-Based Phishing Attacks on the Rise? — Business Email Compromise phishing, or BEC phishing, relies on spoofs, social engineering, and account takeovers to trick victims into transferring funds and disclosing other valuable information. Despite being relatively low-tech, it’s highly effective and lucrative — and it increasingly exploits organizations’ weakest link: their supply chain. This annual guide provides an understanding of the ongoing evolution of BEC.
- Cyber Protection: A Fresh Framework for the US Public Sector — This paper describes why the US public sector must embrace a critical mindset shift to better address the modern cyber state-of-play and strengthen its digital resilience. The concept of cyber protection serves as that fresh framework. Instead of relying on a patchwork of point solutions that meet only one cybersecurity and data protection need at a time, cyber protection integrates the two, allowing public sector organizations to streamline and economize endpoint security and management.
- Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events — This paper provides an example solution to address data integrity challenges. This project details methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It also identifies tools and strategies to aid in a security team’s response to such an event.
These are just a few of the incredible resources available by searching GovWhitePapers. You can browse additional government ransomware whitepapers and other cybersecurity topics through our search engine here: