Print Page   |   Your Cart   |   Sign In   |   Join MISAC
News & Press: General News

Ransomware on the Rise

Friday, May 20, 2016   (0 Comments)
Share |
Ransomware attacks are on the rise, and local governments are in the criminals’ crosshairs. Ransomware is a type of malware that encrypts files, programs and networks. It holds the assets “hostage” until a ransom is paid for the encryption key. 

Criminals have recently made headlines by targeting the health care industry. Ransomware can be sent via email with a legitimate looking link or attachment. Once engaged, however, it infects files and programs on the computer and through the network that computer may be attached to. Attackers demand inordinate ransoms to return records or worse, keep from publishing them on the Internet.  Once the ransom is paid, an encryption key is supposed to be provided to get the assets back. 

In April of this year the Federal Bureau of Investigations (FBI) advised against paying the ransom, often required in bitcoins, an anonymous virtual currency. James Trainor, Assistant Director of the FBI Cyber Division, commented, “Paying a ransom doesn’t guarantee an organization will get its data back—we’ve seen cases where organizations never got an encryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity.”

While most MISAC members are not in the healthcare profession, MISAC agencies deal with sensitive information every day. Imagine the challenge of having an entire building permit system paralyzed, or police records compromised. The results could be devastating for a City. Plus local governments are not likely to spend tax dollars on bitcoin ransom, as that certainly will not go over well with the public. 

What is the old saying? “An ounce of prevention is worth a pound of cure.” In this instance, it truly is. The FBI recommends the following actions to ensure the safety of IT systems: 

Educate all employees, not just those in IT, about ransomware. 
Ensure automatic updates and regular scans are enabled with anti-malware and antivirus software
Patch all software and operating systems on digital devices 
Ensure only those that absolutely must have admin rights have them, thus limiting the number of administrator accounts whenever possible
Disable macro scripts from office files sent via email 
Back up data regularly and ensure the integrity of the backups
Ensure backup devices are not connected to the computers and networks that they back up

A sound backup system may be the best way to get back to business should a ransomware attack occur. If your organization does fall prey to ransomware, contact law enforcement and your local FBI field office and report the attack to the Internet Crime Complaint Center. Lastly, share your tips and ideas for prevention and protection on the MISAC Listserve. By collaborating with one another, we are stronger and more knowledgeable. 

more Calendar

7/16/2018 » 7/25/2018
Internal Consulting Skills for IT Pros

MISAC Northern Chapter Meeting

MISAC Central Chapter Meeting

2017 Annual Conference Images

Become a Member | Resources for your Agency | Blog/List Serv Conversations | Document Library | Awards Program
Association Management Software Powered by YourMembership  ::  Legal