5 Ransomware Attack Tips for Government Agencies


If government agencies separate their backups, use layered protection, and supplement detection technology with human skills, they can reduce the likelihood of ransomware attacks. Moreover, they can improve their chances of recovery without much loss.

Cybersecurity and ransomware attacks

It’s no surprise that Governments are among the most common targets and victims of ransomware attacks. The SolarWinds data breach in the United States served as a reminder of the ability of a cyberattack to penetrate public sector entities. Moreover, we have seen how it can cause considerable damage.

According to a recent independent analysis, ransomware affected 40% of non-departmental public entities and central governments worldwide in the last year. Only education, retail, and business and professional services ranked higher in the ranking of sectors most affected by ransomware.

Given that federal agencies employ top-notch IT staff, the fact that four in ten were unable to stop a ransomware attack speaks to the ability of cyber attackers to breach even the most robust defenses. .

More than a third of local governments reported being victims of a ransomware attack in the past year. This is surprising given that local government agencies likely have fewer resources to protect their systems.

Extortion-type ransomware targets central governments disproportionately.

The development of “extortion” type attacks has recently been a worrying trend in ransomware. Ransomware encrypts a victim’s data. After that, they demand payment in exchange for the decryption key.

Extortion attacks, in which an attacker steals data rather than encrypting it, are another form of this threat. Once they have the data, they threaten to release it either to the general public on the dark web. In exchange for a ransom, they won’t disclose it. These types of attacks have recently gained ground.

This is particularly important in the public sector. Extortion-type ransomware affects central governments and NDPBs at almost twice the rate of other industries. However, encryption-type ransomware remains the most common type of ransomware. They account for nearly half of all attacks against NDPBs and central governments.

Local governments hit hardest by ransomware attacks

Local governments have been hit by ransomware attacks in which 69% of victims have had their data encrypted. This is a figure 20 times higher than that of central governments. What’s more, these numbers reveal an intriguing split. Ransomware attacks against central governments are gradually shifting from encryption to extortion. However, encryption-based attacks against local governments are still common. However, attacks based on extortion are rare.

This discrepancy could be because central governments have more valuable material to steal for extortion. However, smaller government institutions do not have the same level of national secrets, resulting in less interest from attackers.

Why paying the ransom is not worth it.

It’s easy to see why, in the midst of a ransomware attack, paying the ransom to prevent publication or getting your data back might seem like the best option. After all, that’s what the forwards are hoping for. However, this is not necessary.

According to the report, the majority of NDPBs and central governments affected by ransomware were able to restore their data from backups. Only 26% of those who paid the ransom got their data back. In total, almost all central government victims had their data restored. These results highlight the importance of proactive data backup. Moreover, they show the futility of paying ransom to recover data.

The findings could also indicate that the federal government is aware of data backups that its smaller equivalents may not be aware of.

There are five techniques to avoid government-targeted ransomware attacks.

Governments are among the least prepared institutions in the world to recover from catastrophic computer attacks such as ransomware attacks. Municipal and central governments were placed at the bottom of the list for malware incident recovery strategy readiness among all surveyed industries.

We cannot allow this to continue! This is especially true when so many local and central governments have been affected or plan to be affected in the future.

Therefore, to stay ahead of the ransomware curve, they will need better preparation. Here are five simple steps government organizations can take right now to increase their chances of recovery and even reduce the risk of ransomware attacks.

1. Suppose an attack is on the way.

Currently, only 22% of local government organizations and only 12% of central government institutions expect to be affected by ransomware. These two should be zero! The sooner agencies accept the certainty of an attack, the more urgent it will be to take steps to reduce the likelihood of an attack.

2. Layered security is essential across the entire network.

Extortion-type ransomware attacks are on the rise. This is especially true among central governments. Therefore, it is more critical than ever for governments of all sizes to provide layered protection across as many entry points as possible.

3. Add human specialists to anti-ransomware

Moreover, they should combine anti-ransomware software with human experts. It is crucial to identify red flags that suggest an imminent attack. However, a technology-only approach would overlook most of them. Therefore, the answer is to combine software with professional and personal threat hunting teams.

4. Back up your data before an attack.

Although it may seem obvious, only 43% of NDPBs and central governments and only 17% of local government agencies have isolated data backups. After ransomware attacks, data backups are the best approach to restore data.

5. Never pay ransoms.

Paying a ransom for your data does not guarantee that the data will be returned. Government organizations that pay ransoms recover on average only 65% ​​of their data. Additionally, paying ransoms encourages more ransomware attacks. However, this still does not guarantee that the victims will receive all their data. Just refuse to pay and save the data instead.

Image Credit: Ricardo Esquivel; pexels; Thank you!


Comments are closed.