April 02, 2022

Ransomware is Pressuring Public Services

 

The FBI and CISA have indicated that ransomware attacks are becoming a safety risk to public services, which are attractive targets for cybercriminals because of their critical nature. Public services such as utility companies, emergency services, safety operations, healthcare and the education sector are increasingly being targeted, and sensitive personal data is being stolen, which puts local residents at risk of fraud.

Local governments will see no decline in these attacks as the deployment of malware continues to evolve. The FBI explained that a ransomware attack in January of this year forced a US county to take down its computer systems and enact an emergency response through its backup procedures. The county jail was targeted, which meant surveillance cameras were deactivated along with the jail’s data collection capabilities, automated doors, and internet access. This obviously caused alarm amongst employees and resulted in significant safety concerns for the facility.

There are plenty of other examples too, including an attack in September 2021 that closed a county courthouse; the attackers subsequently leaked personal details of employees and residents online after the ransom wasn’t paid. In May 2021, several local governments were hit by a ‘PayOrGrief’ ransomware attack that led to servers and online services becoming inaccessible.

Union County Government Center, North Carolina

According to the report, only academia and higher education facilities were attacked more frequently than local government services in 2021. The FBI has restated several times that victims should not pay any ransom demands because it may encourage further attacks. However, some targets decide to pay so they are able to quickly restore their services.

Even after paying the ransom, though, restoring a network can be a long and complicated task, and there is no certainty that the decryption key provided by the hackers will work or that they won’t return later. The FBI encourages all victims to report any ransomware incident to help prevent future attacks.

They have also recommended numerous cybersecurity measures that businesses can enact to help avoid becoming a victim, including keeping software and operating systems up to date with the latest security patches, and requiring strong passwords for online accounts. This makes it harder for criminals to exploit network and system vulnerabilities and guess user passwords.

In addition, organisations should keep offline backups of their data that are regularly tested and updated so networks can be restored without decryption keys. Employees should be required to use multi-factor authentication for their webmail, accounts, and VPNs to add an additional layer of protection against such attacks.
