This blog is the third of six upcoming articles about the growing cybersecurity threat known as ransomware. GovLoop partnered on this series with Veritas Technologies, LLC, a data management software company and ThunderCat Technology, an IT solutions provider. Working together, we aim to explain what ransomware is and how federal agencies can prepare for, respond to and survive potential attacks.
Over half of government IT officials say that the biggest obstacle to stopping ransomware is the cyberthreat’s evolving sophistication, according to a new poll.
In the December 2019 survey, 57% of federal and state IT decision-makers cited the evolving sophistication of ransomware attacks as the top hurdle to stopping the cybersecurity risk. The survey was conducted by Scoop News Group on behalf of Veritas Technologies, LLC to look at how ransomware affects every level of government.
Ransomware is an increasingly common type of malware, or software that was crafted to damage other technologies such as computers. Unlike other malware, ransomware blocks access to or threatens to publish the victim’s data unless a ransom is paid. Subsequently, public servants hit by ransomware are often trapped between having their work disrupted or paying money with no guarantee their missions will resume.
One example of ransomware’s continuous evolution, meanwhile, occurred on August 16, 2019. That morning, ransomware struck more than 20 agencies in Texas, with most of the victims being local organizations. The attack’s unprecedented size and scope led Texas’ government to coordinate with federal agencies on a statewide, multi-jurisdictional response that was the first of its kind. Although the impacted agencies have since recovered, the incident demonstrated how ransomware keeps changing.
“Ransomware comes in many forms,” said Rick Bryant, National Healthcare Architect and Practice Director at Veritas Technologies, LLC. “The goal is to use social engineering or insecure practices to get a payload into your organization.”
Typically, victims encounter either encrypting or non-encrypting ransomware during cybersecurity incidents. Encrypting ransomware encrypts data so that only a key can restore operations, while non-encrypting ransomware halts access to data and files without encrypting them. Leakware or extortionware, meanwhile, exfiltrated data and then threatens to release it unless a ransom isn’t paid.
Unfortunately, ransomware’s rising complexity isn’t the only problem it presents to the agencies encountering it. According to the recent poll, 49% ranked the growing proliferation of attacks as the biggest challenge to stopping ransomware. Other obstacles included:
- Poor user awareness (44%)
- Lack of budget dollars (42%)
- Uncertainty over which solution to use (31%)
- Limited executive understanding and engagement (29%)
- Lack of human resources (29%)
- Lack of executive sponsorship (19%)
- Partners’ lack of preparedness for or a response to ransomware (7%)
Bryant said that agencies can reduce ransomware’s destructiveness by drafting a unified plan for handling all the data in their physical, virtual and cloud computing environments.
“It’s good to test recovery plans,” he said. “Your environments continually change. You’re always bringing in new technologies, storage and users. Your security posture will drift.”
The poll found that 40% of federal and state IT decision-makers said the agency backs up its data every 24 hours. Other participants noted their agency’s backup testing occurred more frequently, with 28% who said every eight or 12 hours. Only 7% said their agency took more than 24 hours (40% weren’t sure).
Ultimately, agencies face a complicated mix of external and internal challenges while guarding against ransomware. Ransomware’s ability to generate profit for cybercriminals, however, means it’s a problem that won’t disappear soon. With ransomware’s menace expanding, it’s crucial that agencies have a plan for responding to it before it breaches their defenses.
And, as successful attacks make ransomware seem inevitable to citizens, agencies’ need to test their responses will only increase.
To learn more about how ransomware is influencing federal and state IT decision-makers, click here to read Veritas Technologies, LLC’s recent survey.