Cloud Hosting

INDUSTRY INSIGHT

It is no surprise that governments around the world are among the most highly targeted and impacted victims of ransomware. Last years SolarWinds data breach in the U.S. was a reminder of the ability of cyberattacks to penetrate public-sector agencies and unleash damage across a federal agencies.

According to new independent research from Sophos, over the past year, 40% of central governments and non-departmental public bodies across the globe were attacked by ransomware. This put central governments and NDPBs fourth in a ranking of industries most afflicted by ransomware, surpassed only by retail, education and business/professional services. Considering that federal governments employ trained IT staff, the fact that four in 10 were unable to stop a ransomware attack speaks to the ability of cyber attackers to penetrate even the best defenses. More than one-third (34%) of local governments also reported experiencing a ransomware attack over the past year curious, considering that local government agencies would presumably have a fewer resources to defend their systems.

Extortion-style ransomware disproportionately aimed at central governments

One disturbing trend seen in ransomware over the past year has been the emergence of extortion-style attacks. Ransomware typically involves encrypting a victims data and then exchanging the decryption key for payment. Lately, extortion-style attacks where the attacker steals the data rather than encrypting it and threatens to release it (either to the dark web or to the public) in exchange for a ransom payment have started to pick up steam.

This is especially acute in the government sector. Central governments and NDPBs experience extortion-style ransomware at nearly double the rate of all industries. That said, encryption-based attacks still remain the most dominant strain of ransomware, comprising almost half (49%) of attacks faced by central government and NDPBs.

In ransomware attacks against local governments, 69% of victims saw their data encrypted a staggering 20 points greater than what central governments had experienced. These numbers point to an interesting split: Ransomware attacks against central governments are slowly moving from encryption-style to extortion-style attacks, while encryption-based attacks against local governments remain extremely high and extortion-based attacks rare (2%). This difference may be because central governments have relatively higher-value data to steal and hold for extortion, and local government agencies, on the other hand, dont have the kind of national secrets that central governments do, perhaps sparking less interest among attackers.

Why its not worth paying the ransom

In the heat of a ransomware attack, its easy to see why just paying the ransom to get data back (or prevent public release) can feel like the path of least resistance. Thats what attackers are counting on, after all. But its not necessary. The survey reveals that most (61%) central governments and NDPBs hit with ransomware restored their data from backups. Only 26% ended up paying the ransom to get their data back. In total, nearly all (96%) of central government victims ended up with their data restored. These findings speak to both the need to back up data proactively and how unnecessary it is to pay the ransom to get data returned.

The findings may also point to central governments awareness about data backups that may not be shared by their smaller counterparts. Among local government organizations that were hit by ransomware, there was an even split between those who restored data through backups and those who paid ransoms to get their data back 42% for both indicating that smaller agencies perhaps have a greater need to pay ransoms in order to restore their data, as well as a lack of backups to draw from.

Five ways to stay ahead of government-targeted ransomware

Governments are some of the least prepared organizations in the world to recover from a major malware incident like ransomware. Among all industries surveyed on their malware incident recovery planning preparedness, both central and local governments ranked at the bottom of the list. This cannot continue to be the status quo particularly when so many central and local governments have either been attacked by ransomware already or expect to be attacked in the future.

Staying ahead of the ransomware curve calls for more preparedness. Here are five easy steps that central and local government agencies take now to mitigate the probability of a ransomware attack and improve their chances of recovering from one.

About the Author

Dan Schiappa is the chief product officer at Sophos.

Read the original here:
5 ways to stay ahead of government-targeted ransomware - GCN.com