This blog is the fourth of six upcoming articles about the growing cybersecurity threat known as ransomware. GovLoop partnered on this series with Veritas Technologies, LLC, a data management software company and ThunderCat Technology, an IT solutions provider. Working together, we aim to explain what ransomware is and how federal agencies can prepare for, respond to and survive potential attacks.
About one third of government IT officials say they’re unsure how their agency would respond to an increasingly pervasive cybersecurity threat, according to a new poll by Scoop News Group and Veritas Technologies, LLC.
In the survey, released in December 2019, 31% of federal and state decision-makers said they didn’t know their agency’s policy for responding to ransomware.
The poll sought to uncover how agencies at every level of government are handling ransomware. Ransomware is a form of malware, or malicious software, that purposely harms technologies such as computers and IT networks.
Unlike other malware, ransomware is used by attackers to threaten to publish the victim’s data or block access to it unless a ransom is paid.
According to research Veritas conducted in 2019, the U.S. was the nation most affected by ransomware attacks that year. Veritas suggests that the U.S. suffered more ransomware incidents than any other nation in 2019 because 64% of American victims reportedly paid the ransoms demanded of them that year.
“Anything your personnel has access to or that’s just open, ransomware can get into it,” Rick Bryant, National Healthcare Architect and Practice Director at Veritas, said of ransomware. “In a world where we’re always on the run and everyone’s trying to multitask, it’s hard to be extra cautious.”
Fortunately, roughly half of the recent poll’s respondents said their agencies have procedures for isolating and recovering their data following a ransomware attack. The survey also found that:
- 51% said their agencies have procedures for recovering affected data
- 49% said their agencies have plans for isolating and shutting down the systems compromised by ransomware
- 43% said their agencies have procedures for identifying threats
- 41% said they have in-house methods for eradicating an attack
- 35% said their agency has plans for notifying law enforcement
- 26% said they could expect limited executive understanding and engagement
- 15% said their agency decided to pay off ransoms using their funds or insurance policies
The Federal Bureau of Investigation (FBI) and the Homeland Security Department’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) both advise against paying ransomware attackers.
Other findings from Veritas’ recent poll revealed that 67% did not pay a ransom but recovered their data, while 9% still lost their data after opting not to pay a ransom.
Unfortunately, ransomware victims who pay off their ransoms are not guaranteed to immediately recover their data or operations. Despite this, about one quarter of federal and state participants in the recent poll said they had paid ransoms in 2019.
“They’re intelligent,” Bryant said of ransomware attackers. “You want to have good data management to know where your critical data is. You want to see the ransomware coming in, so you can address it before it’s there.”
Bryant said that agencies can withstand and recover from ransomware by developing a unified plan for all their data, whether it’s in a physical, virtual or cloud computing environment.
Regularly testing their recovery plan, he continued, also provides agencies with the confidence that they’re capable of mitigating and rebounding from ransomware.
Ultimately, Bryant concluded, agencies must be able to fully recover their data and operations at scale following ransomware incidents.
“Being able to recover rapidly and at scale is essential for today’s chief information and chief technology officers,” he said.
ThunderCat Technology, meanwhile, is an IT solutions provider that partners with Veritas. ThunderCat recommends a pragmatic view of the cybersecurity landscape that focuses on the balance between foundational security regulations and compliance. It can also help customers build a strategic security plan for protecting themselves in today’s rapidly changing threat landscape.
To learn more about how ransomware is influencing federal and state IT decision-makers, click here to read Veritas Technologies, LLC’s recent survey. And click here to hear Veritas and ThunderCat experts discuss ransomware during their podcast series about government technology.