How state and local agencies can manage evolving ransomware tactics

Cybersecurity challenges and the threat of ransomware are evolving in new ways for state and local governments as adversaries adopt more sophisticated tactics. In a new video interview for StateScoop, Rob Lalumondier, vice president for enterprise and public sector at Sophos, highlights what agencies may be overlooking about these new tactics and shares defense strategies agencies should consider heading into the new year.

“Government entities — state, local, and even public education institutions — have vast attack surfaces and sensitive data, making them constant targets for cybercriminals, nation-state actors and hacktivists,” says Lalumondier. He emphasized that while rapid digital transformation across government services improves efficiency, it also expands vulnerabilities.

Lalumondier noted that attackers increasingly exploit non-technical weaknesses, such as stolen credentials and unpatched vulnerabilities. “These tactics make attackers resemble legitimate users in your network, evading detection tools,” he says. One example causing new concerns is the use of the Remote Desktop Protocol (RDP), with over 90% of ransomware attacks leveraging it, according to Sophos research.

Lalumondier, recognizing the budget and staff constraints most agencies face, urged state and local agencies to concentrate on implementing least-privilege principles. “Blocking RDP access for unnecessary users and ensuring robust authentication can significantly mitigate risks,” he says. He also recommended updating firewall configurations and adopting multi-factor authentication, among other Sophos security guidelines.

He also suggested agencies use advanced tools like Sophos’s CryptoGuard to detect and block ransomware attacks. “CryptoGuard doesn’t just monitor for malicious files — it analyzes data files for signs of encryption and can roll back files to their unencrypted state,” says Lalumondier. This proactive approach protects against both local and remote ransomware out of the box.

Lalumondier stressed the importance of action-oriented risk management for state and local leaders. “Identifying vulnerabilities is only the first step,” he says. “Without a concrete plan to address them, organizations remain at risk.”

Learn how Sophos can help government agencies identify and stop cyber threats.

This video panel discussion was produced by Scoop News Group for StateScoop and underwritten by Sophos.