5 Ways Cities Can Prevent Ransomware

Ransomware has frustrated IT professionals and end-users since the ’90s. In recent months, the technique has victimized government organizations.

Ransomware is typically installed on the victim’s systems through email. The attacker sends a massive email to a list acquired. If a person opens the email and clicks the attachment or link, the ransomware infects their computer. From there, the ransomware can duplicate itself and spread to other systems.

This is an example of the screen that pops up when starting the infected computer:



Over 170 governments have fallen victim to ransomware since 2013, according to the American Mayors Association. Large cities like Baltimore and Atlanta were infected and refused to pay. In the end, they ended up spending millions of dollars to rebuild and repair IT systems that were taken offline. Smaller cities in Florida have paid, but are left a tarnished reputation and less taxpayer money.

Here is a look at recent publicized cases:

CityHack DateAmountResult
Atlanta, GeorgiaMarch, 2018$51,000Did not pay and spent millions recovering
Jackson County, GeorgiaMarch, 2019$400,000County agreed to pay $400,000
Baltimore, MarylandMay, 2019$76,280Did not pay and spent millions recovering
Lake City, FloridaJune, 2019$460,000Officials agreed to paid the $460,000
Riviera Beach, FloridaJune, 2019$600,000City Council voted to pay $600,000

It is likely that many cases of ransomware go unreported as well.

The decision to pay the hacker or attempt to rebuild is a difficult one. Paying the criminals emboldens and enriches them. Choosing not to pay might cost more in the long run. Some cities like Baltimore have taken a moral stance and taken vows to never pay ransomware. There is also the remote possibility that some hijacked systems can unlocked with the right help.

The methods to stay safe from ransomware are similar to the ways to stay safe from malware and other online malicious criminal activity.

1. Back Up Your Data

Data is the valuable object that makes paying up worth it. If there is no data encrypted, then there is little reason for someone to pay. Backing up data on a regular basis takes the power away from those who have stolen the data. Software and systems might be locked, but the true value is the data.

2. Patch and Update

Hackers take advantage of systems that have not had recent patches or updates to break in. Regularly backing up software takes away these paths to hacking. Building a sandbox environment to test patches and then deploy into the field is a best practice.

3. Security Software

Using security software to stay safe is another important step. Bringing software to bear costs and money and often requires skilled personnel to get the most out . Endpoint protection software can ensure that malware does not infect them and spread. The software service will first block ransomware by detecting malicious activity and then disable the malware before damage is done. Firewalls protect networks from unauthorized traffic. A Security Information & Event Management (SIEM) software takes all the information and events that happen for a network and analyzes them for malicious activity.

4. Expert Help

Implementing and tying together different systems is possible using three different models:
  1. Use your dedicated and skilled security team in your government agency to take complete ownership.
  2. Outsource the security responsibility to a Managed Security Service Provider (MSSP).
  3. The internal team with the government organization can work with an MSSP to multiply their efforts. By cooperating, the organization has the best of both worlds.
A MSSP also has the ability to monitor logs and data from these systems 24 hours a day from a Security Operations Center (SOC) and handle alerts that occur. If something suspicious occurs, the MSSP can notify the city or act to contain a threat.


5. Be Cautious with Emails

People should be extremely cautious with emails from unknown senders. Even known senders can be spoofed to make criminals appear like known friends or colleagues. In these situations, avoid clicking links and never open a file from someone you do not trust. The act of opening an attachment or clicking a link is what loads the payload onto the system.

preventing ransomware attempts

*** This is a Security Bloggers Network syndicated blog from Cipher Blog - English authored by Bill Bowman. Read the original post at: