Surviving a Ransomware Attack

Cybersecurity attacks on government organizations have increased by more than 400% between 2019 and 2023. In a society where everything we do is digital, the reality is that there is a risk to your sensitive data.

This does not mean that your agency or organization is due for an impending attack, but it does raise an important question, “If my agency is targeted, what do I do?”

In this article, we explore statistics in the public sector, a case study of how an agency survived an attack, as well as steps you can take to against ransomware attacks.

The Impact of Ransomware on The Public Sector

Verizon conducted a recent study of data breach investigations that analyzes the nature of cybercrimes in the U.S., and a breakdown of how different industries are affected.

The study showed that between November 1, 2021, and October 31, 2022, there were 3,273 incidents of cyberattacks on the public sector. Among the top patterns found were system intrusion, lost and stolen assets and social engineering (the tactic of manipulating others to gain access or control of their sensitive data).

The top motive for these attacks was financially influenced – ransomware.

The number of attacks on public safety entities continues to increase. In May 2022, a New York EMS provider was subject to a ransomware attack where roughly 320,000 patients’ information was compromised.

Hackers are even targeting organizations such as fire departments. A department in South Carolina fell victim to a cybersecurity attack where payroll information was compromised. The hackers changed employee direct deposit information and redirected paychecks to new accounts.

There are thousands of examples that prove the risk to the public sector, and these examples demonstrate that there are lessons to be learned to prevent an attack and reduce the impact if an attack occurs.

A Case Study from the Boulder Regional Emergency Telephone Authority

In December 2021, the Boulder Regional Emergency Telephone Authority (BRETSA) experienced a ransomware attack affecting seven agencies in their jurisdiction, as well as 23 additional contracted agencies – all responsible for providing emergency dispatch in Boulder County Colorado.

Hackers were able to intrude on their systems due to an admin user recycling the same credentials across different departments and agencies. The attack compromised their operations and their ability to quickly provide emergency response services to citizens. Additionally, there was a tremendous impact on their dispatch team.

In an attempt to save what data they could, they were forced to shut down all CAD, RMS and mobile systems for all their agencies. For two days, dispatchers took calls and manually recorded information on cards and whiteboards; and eventually, manually entered this same information into their CAD system once they were up and running.

BRETSA suffered losses in data and endured a nightmare for two days of manual dispatch, but they were able to reduce the impact by having existing cybersecurity procedures in place.

They were able to restore their systems with a saved snapshot before the attack. They attribute this to the fact that hackers weren’t able to find their backup files because they were saved under generic names that did not indicate what the files were.

The team at BRETSA also implemented a firewall policy to limit the traffic between their two data centers to help prevent further loss of sensitive data.

Lessons learned from BRETSA:

• Don’t title files as “backup” and “snapshot,” as it makes it easier for hackers to find and encrypt those files.
• Limit the number of accounts that have access to servers.
• Differentiate the credentials for admin users as much as possible.
• Always use multifactor authentication for any type of server access.

How You Can Prepare Your Agency Against Ransomware Attacks

No one can predict when an attack will occur, but you can take steps to be prepared against a ransomware attack.

As discussed in the previous case study, it’s crucial to stay vigilant about monitoring admin access. Continuing to change login credentials and using multifactor authentication are necessary steps that can make a difference.

You can also be prepared by setting up security policies and procedures to ensure that there is a plan in place and that all team members understand how to securely use company technology.

Conduct regularly scheduled audits. Many organizations aren’t aware of security threats until it’s too late. Regular audits help you to maintain consistent awareness of potential weaknesses and allow you to see vulnerabilities in your systems.

Read more on steps you can take to help prevent a data breach.

Partners In Protective Your Sensitive Data

CentralSquare is committed to providing technology that keeps your organization and community safe, and that includes your sensitive information.

You can learn more about how CentralSquare uses cloud technology to provide your agencies and community with the best in cloud security and reliability.