Protecting local government offices from ransomware

This entry was posted on Thursday, February 16th, 2017.

Last week, cyber criminals targeted computer systems operated by the government of Licking County, Ohio with a virus and an accompanying financial demand that has been labelled ransomware. Ransomware is typically used to lock systems and encrypt files, effectively denying access to data until payment is remitted.

Although county offices remained open to the public, online access and landline telephones were not available for those on the county system. According to the Newark Advocate, the attack forced certain departments to perform their jobs without the use of computers or office telephones. For example, dispatchers at the 911 Center did not have access to their computers, although 911 Center phones and radios remained operational.

The ransomware cyber-attack against Licking County is part of a growing trend, one that has seen cyber criminals setting their sights on a wide range of targets including CCTV cameras, schools, hotels and even hospitals. Indeed, ransomware payments for 2016 were estimated to hit a billion dollars, with some businesses paying considerable sums to unlock their data.

Instances of ransomware are only expected to increase in 2017, as more and more vulnerable systems and “things” connect to the Internet. According to Beazley, evolving ransomware variants permit hackers to methodically investigate a company’s system, selectively lock the most critical files and demand higher ransoms to seize the more valuable (unencrypted) files.

As Asaf Ashkenazi, senior director of marketing for Rambus Security, recently noted in a Semiconductor Engineering article, unprotected endpoints allow attackers to remotely access everyday physical features that are critical to maintaining routine business operations. To make matters worse, says Ashkenazi, lax law enforcement in certain countries and jurisdictional limitations complicate efforts to apprehend and successfully prosecute the perpetrators. Left with little or no choice, businesses often opt to pay the ransom, which, in turn, fuels an already burgeoning “ransom industry” and encourages additional criminal activity.

“Although it is difficult to prevent, the frequency of successful malware attacks can be reduced by understanding that any endpoint, which may have originally been designed to work offline, is exposed to attack once it is connected to the Internet,” he explained. “Unfortunately, there is a common misconception that only critical infrastructure and big businesses are prone to remote attacks. Nevertheless, with connectivity and automation becoming ever more common, implementing effective security solutions should be a top priority for mid-size and small businesses.”

Ashkenazi also emphasized that security is a critical element of any Internet-connected system, even if it does not involve critical functions. To increase mass adoption, he says, security solutions should be simple, affordable and easy to use. For example, as more businesses adopt common security practices and solutions, the success rate of ransom attackers will decline, which will eventually discourage cyber criminals from participating in an unprofitable and obviously risky business.

“Simple and affordable solutions require a comprehensive solution that implements security at the transistor level (as per DHS recommendations), while protecting vulnerable endpoints and services. Solutions should also be capable of pre-provisioning keys as an out-of-the-box security feature, thereby allowing OEMs and service providers to bolster security for a wide range of connected ‘things,’” he added.