By Stop.Think.Connect.TM Campaign
Every day, police officers, firefighters, paramedics, transit operators, utility workers, and other public safety workers rely on computer systems to do their jobs, but these essential systems are increasingly vulnerable to attacks from cyber criminals.
According to the Multi-State Information Sharing and Analysis Center, the ransomware strain WannaCry affected “tens of thousands of computers in dozens of countries” in May. This included technologies within hospitals, banks, railways, colleges, and telecommunications companies. The massive scale and severity of this attack demonstrated the devastating impact ransomware can have on businesses and organizations of every type, including public institutions.
What is ransomware?
Ransomware is a malicious software (malware) that infects a computer system and blocks access to it until a ransom is paid. Ransomware typically spreads through phishing emails or infected websites.
Once a computer system is infected, it will display a message saying that the computer has been locked and its files encrypted. To unlock the computer, the attacker will demand a ransom, which usually keeps increasing until it is paid.
How ransomware threatens public institutions
Public institutions – including fire stations, emergency medical service providers, police stations, and hospitals – are prime targets for ransomware attacks because they hold valuable data, such as medical records, social security numbers, home addresses, and bank account numbers. Cyber criminals are highly motivated to attack these types of sensitive data because they can extort higher ransoms for them.
Ransomware can be especially damaging to police stations, hospitals, and fire stations because they cannot continue operating without irreplaceable data and systems, such as medical information, dispatch centers, and investigative documents. Cyber criminals are also fully aware that these institutions and their systems often lack adequate cybersecurity to defend against ransomware attacks.
To keep computer systems and critical information safe, public safety leaders must know how to protect their organizations from ransomware. Here are five proactive steps for defending against and responding to ransomware attacks.
5 steps for defending against ransomware
- Back up your data. Make sure all your essential data is backed up offline and that your backups are regularly tested and updated. Ransomware operates on the idea that you have just one copy of highly valuable information. If you have secure, offline copies, then the copy the hackers stole has less value. With up-to-date backups, your institution can quickly recover from an attack and resume operations.
- Have a contingency plan. Discuss what a ransomware infection would cost your institution and consider your response before an infection occurs. Keep in mind – even if you pay the ransom, you are not guaranteed to get your data back. Paying the ransom could also fund further criminal activity and encourage cyber criminals to continue generating ransomware attacks.
- Train your employees. Every person with access to your computer system has the potential to encounter ransomware, which is why training is so important. Make sure every user of your computer system understands the danger of ransomware attacks and knows to be cautious of this threat. Simple concepts – like flagging suspicious emails and not clicking on links from unfamiliar sources – are crucial for preventing ransomware infections.
- Keep patches updated. A patch is a piece of software created to fix or update a computer system. Cyber criminals usually target out-of-date applications and operating systems in ransomware attacks, so it’s crucial to update your software and operating systems with the latest patches. Patching your computer system reduces the number of entry points an attacker can exploit.
- Test your system. Penetration testing of your system can help you identify vulnerabilities in your network protection and test the effectiveness of your response and recovery plan. It can also help you develop protocols for multiple ransomware scenarios and increase employee awareness of potential cyber threats.
If your institution falls victim to a ransomware attack, be sure to disconnect the impacted devices from your network to prevent the infection from spreading. You should then report the attack to an FBI field office as well as the Internet Crime Complaint Center. You can find out more about current ransomware threats by visiting the United States Computer Emergency Readiness Team’s website.
About the Author
The Stop.Think.Connect.TM Campaign is a national public awareness effort aimed at helping the American public stay safe online. The campaign offers resources and tools to help Americans strengthen their cybersecurity practices and understand cyber threats. Learn more at https://www.dhs.gov/stopthinkconnect.
Webinar: Cyberattacks against Government Agencies