State

MS-ISAC official: Ransomware is top malware of concern for states, counties

Government IT systems are under rising attack from ransomware threats, security experts told executives at the National Association of Counties conference.

By Jake Williams

July 21, 2016

LONG BEACH, Calif. — Ransomware attacks are on the rise nationwide, and that includes state and local governments, according to a senior official at the Multi-State Information Sharing and Analysis Center.

Speaking during a Chief Information Officer Forum at the National Association of Counties’ annual conference, Gina Chapman, the senior director of operations for MS-ISAC, said ransomware attacks on the networks they monitor were on a “continuous incline” from October 2015 through May 2016.

“Ransomware is our No. 1 type of malware right now that we’re seeing,” Chapman said.

During the October through May period, MS-ISAC observed 450 infections per month at its highest point. Ransomware attacks on governments declined slightly in June, Chapman said, but governments should not let their guard down — cyberattacks traditionally decrease during the summer months.

Chapman’s data matches up with the data Kevin Haley, Symantec’s director of product management and security response, sees as well. In 2015, the cybersecurity company identified 100 completely new types of ransomware that didn’t match up to any previously-existing malware.

“Everybody’s writing new malware to go out and get us held hostage,” Haley said.

Both Haley and Chapman said government’s’ best response to the threat of ransomware was a consistent backup of systems with those backups stored in a separate location outside the network.

If a government device is compromised due to a ransomware attack and there’s no backup of the data on that device, then governments might have no other option but paying that ransom. And even when that ransom is paid and the officials have access again to that device, governments have no guarantee that there won’t be remaining malware on the device.

“People are paying the ransoms,” Chapman said. “The end-all be-all is the backup. If you do get infected, your data is still there and you don’t have to pay the ransom. Unfortunately, what we see is a lot of people don’t have the backup and do have to pay the ransom.”

In addition to backups, the experts also recommended officials stay on top of patches, increase the effectiveness of email filtering and train employees of how to detect potential cyber threats.