Ransomware Prevention Guide for Cities
Ransomware is a virus that encrypts your data with malicious intent. It’s a weapon used by a criminal who attempts to steal your money or destroy your property (in this case, your data) if you don’t pay a ransom. Once your files are encrypted by the virus, a screen will pop up on your computer with instructions about paying a ransom.
If you pay, the criminals will hopefully decrypt your data—although there are no guarantees. Remember, these are criminals. Can I trust them? Will my data be restored? Is my restored data unaltered? Do they still have access to my computer? Will this happen again?
As one of the scariest viruses out there, attackers use ransomware more and more often. The ransom price demands are increasing. According to ZDNet, “Global ransomware volume reached 206.4 million attacks in 2018 – an 11 percent year-over-year increase. SonicWall said this was down to malware authors mixing and matching components to create new variants, which are thus harder to identify and block.”
Quite simply, ransomware has become very profitable for very bad people. Many ransomware attacks have devastated local governments—from shutting down 911 systems to erasing years of criminal evidence. It’s putting communities at risk. Usually about once a week, we hear about yet another municipality devastated by such an attack. And these are only the ransomware attacks reported in the media.
It’s likely that your city, town, or organization has a good chance of experiencing a devastating ransomware attack that leads to permanent data loss. However, following our seven best practices will help you anticipate, prevent, and recover quickly from a ransomware attack.
In this guide, you’ll learn:
Seven best practices that will help you anticipate, prevent, and recover quickly from a ransomware attack.
Regularly patch your software
Update your operating system
Modernize your technology
Data backup and disaster recovery
Monitor systems proactively
Separate critical systems from less critical systems
Never pay the ransom
Short on time?
Download the PDF to read later 👇
1. Regularly patch your software
So many organizations—including cities—do not patch their software on a regular basis. Excuses are plentiful. City staff have too much on their plates. Reactive IT vendors do not get paid to do proactive IT maintenance. Nothing appears broken, so why fix it? It’s not a priority. Et cetera.
But when you don’t regularly patch, you miss out on security updates. Software vendors plug holes that hackers can exploit. When you don’t apply patches, it’s like leaving a back door open in your house.
2. Update your operating system
In 2017, the WannaCry ransomware virus devastated organizations using outdated, unsupported operating systems such as Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008. A newer operating system like Windows 10 wasn’t affected by WannaCry at all.
If your city is running an outdated Windows operating system, consider that Windows 7 has not included full support since January 2015—with Microsoft providing only limited support until January 14, 2020. The older an operating system becomes, the more security issues it will have and there is less of a chance that Microsoft will provide security patching.
Many organizations—including cities—stick with older operating systems because of poor practice, older software that’s only compatible with older operating systems, and an unwillingness to budget for the upgrade of operating systems.
3. Modernize your technology and get rid of legacy systems
There is no longer a “nice-to-have” argument about modernizing technology. Instead, modernized technology and cybersecurity are increasingly seen as one and the same thing. For cities, it will become more and more negligent to cling onto old legacy hardware and software that uses obsolete, unsupported, and unsecure technology.
Older software has more likelihood of containing security vulnerabilities and crumbling under a security issue. Many cities often have older versions of software that lack vendor support or security features to protect against new forms of viruses like ransomware. In addition, many software platforms are often not regularly patched and updated by cities. Altogether, this leads to situations where software becomes extremely vulnerable to ransomware when it spreads.
While budget is always a concern, the costs of a cyberattack—financially, legally, and politically—can be far worse. States such as Arkansas have even passed laws threatening to revoke a city’s charter if they don’t comply with the law through using appropriate, secure technology.
4. Build a highly available data backup and disaster recovery solution
Your employees pose the biggest risk for allowing ransomware into your organization—so you need to first prepare for the worst.
Modern data backup and disaster recovery solutions allow you to create “snapshots” of your data and systems at a given point in time. If the ransomware began to affect your organization at 2:30 p.m. on a Tuesday, you can restore all your data to a point in time before the infection hit that moment on Tuesday.
5. Monitor systems to proactively detect and contain damage
The earlier you catch ransomware, the likelier you can contain damage to a single computer, server, or area. Ways to prevent such widespread damage include:
- Proactive monitoring and alerting of systems: When IT professionals— with the help of 24/7/365 automated software—monitor your systems and get alerts when something is wrong, then you are more likely to detect a virus or ransomware. Suspicious activity usually sends up a red flag if you’re proactively monitoring systems—and you can catch an incident much sooner.
- Enterprise-grade antivirus: Relying on free or consumer-grade antivirus is not enough to fully protect you from dangerous ransomware. With enterprise-grade antivirus, IT professionals can manage the platform to receive alerts in real-time, more effectively block or cripple attacks, and analyze better where ransomware has specifically infected your systems.
6. Separate critical systems from less critical systems
If departments share servers or systems and they go down, everyone goes down with the ship. When possible, segment and separate critical systems. This way, ransomware may have limited impact on fewer systems.
7. Never pay the ransomware ransom
There are three reasons you should never pay a ransomware ransom, despite other cities doing so:
It is never guaranteed that criminals will unencrypt your data. Criminals often ask for thousands of dollars in ransom. Would you take thousands of dollars from your city treasury and then flip a coin to see if you keep it? That’s essentially what happens when you pay criminals. According to SentinelOne’s Global Ransomware Report 2018 (reported in KnowBe4), “45% of US companies hit with a ransomware attack last year paid at least one ransom, but only 26% of these companies had their files unlocked.” Yes, only 26 percent! With such a low chance of your ransom actually unencrypting your data, it’s not wise to throw thousands of dollars at criminals. Plus, if you pay, criminals may also ask for more money or target you again—viewing you as a nice source of revenue.
It is never guaranteed that criminals will restore your data as it was. Once you get your data back, do you know for sure that it’s unaltered? If criminals had access to it, they could do anything with it. Delete some of it. Corrupt it. Implant malware into it. Who knows? These are criminals. You can’t trust them. In some cases, ransomware attacks are led by sophisticated nation states or professionally organized criminal syndicates with deep pockets and resources. Who knows what they’ve done with and to your data before they give it back.
It is never guaranteed that criminals will no longer have access to your data. Remember, these criminals held your data hostage. By paying a ransom, you are trusting a criminal to perfectly return your data back to its previous state. And maybe they’ll also nicely clean up the mess they made to your data, computers, and network—and lock the door behind themselves on the way out? Don’t bet on it. How do you know they don’t intend to still use the data they held hostage? You don’t know for sure if criminals accessed your data, still have your data, and intend to use your data for malicious purposes.
While ransomware attacks might look scary, they really only affect cities that fail to implement basic IT best practices. If your city isn’t following the seven best practices in this whitepaper, you are at risk for a ransomware attack. To learn more about cybersecurity best practices that can help protect your city, town, or organization, read about the 3Ps: passwords, patching, and people.
How VC3 Can Help Protect Your City from a Ransomware Attack
VC3 guards against cyberattacks by keeping your computers patched, protected, and healthy. Includes always on monitoring and alerting for issues, enterprise-class antivirus protection, automated computer maintenance, ongoing software patching to keep you secure, and regular training to keep you and city staff on guard and alert.
Contact us today to learn more about our managed security services.