Federal agencies face an incredible threat as ransomware attacks continue to evolve and attackers grow more and more evasive. In ransomware’s nascent stages, breaches were purely about forcing victims to pay a ransom to get their data back. The new breed of attackers wants to disable organizations completely.
To make this happen, cyber criminals have been aiming at new targets, including the data backups that are supposed to save an agency in the event of an intrusion. By shifting their target to these backups, attackers are hoping to catch federal networks off guard and completely disable them.
While this prospect may seem insurmountable, there are ways to combat these new threats and keep sensitive federal data from falling into the hands of nefarious actors.
Where it started
It’s instructive to understand the history of ransomware as a way of contextualizing the current threat landscape, especially since this type of attack has had nearly 35 years to evolve from malicious code on floppy disks to the sophisticated campaigns we see today.
As the legend goes, ransomware was created in 1989 by Joseph L. Popp, a Harvard-educated biologist. Popp had attended the World Health Organization’s AIDS conference and, afterward, sent attendees 20,000 floppy disks that posed as questionnaires about the spread of AIDS.
But when they opened the files on their computers, malware called the AIDS Trojan spread and encrypted all of their system data. From there, a message popped up that said the data would be released if the victims mailed $189 to a post office box in Panama.
Thankfully, the malware propagated by Popp was primitive and unsophisticated, so IT workers were able to quickly find the key to decrypt the ransomed data without having to make the payment.
Unfortunately, cyber criminals much smarter than Popp used his model to develop and evolve ransomware into the juggernaut it is today with attacks like 2017’s WannaCry, which estimates say affected more than 200,000 computers across 150 countries and caused damages totaling hundreds of millions of dollars.
Where we are now
Now, ransomware attacks have the potential to significantly disrupt agency processes and put secure, confidential information at risk. In fact, the White House said in an October fact sheet that ransomware is one of the top challenges affecting the nation’s cybersecurity. The proof has been borne out in statistics. Between 2018 and 2020, over 246 ransomware attacks affected U.S. government organizations (federal, state and local) to the tune of $52.88 billion. And unlike attacks on the private sector, ransomware attacks aimed at governments are often not about the money, but rather about disrupting and even destroying public systems.
As techniques continue to evolve, ransomware will remain an issue and organizations must be prepared. While it is crucial for agencies to take the steps outlined by CISA to protect their networks, agencies must additionally secure their data backups as they become the new target for ransomware attacks.
Facing an immense challenge
To help guard against some of these tactics, federal agencies can take several clear steps to evolve their security posture.
Develop robust data backup strategies and immutable contingency plans. This means putting in place a strategy based on evolving threats. This will allow for fast and complete data recovery and ensure potential ransomware attacks can be mitigated.
Practice, practice, practice. Agencies should be practicing steps that need to be taken in the event of a ransomware attack. This is the only way to identify potential challenges in the plan and familiarize employees with what they need to do. This also ensures that the first time the plan is activated isn’t in a high-stress cyber response scenario.
Rely on traditional, tested methods. Even as new tactics evolve, tried-and-true tactics often still work best, yet they can often be overlooked. A strong software patch management strategy limits the software vulnerabilities attackers can leverage, challenging attackers before they even enter the network. These strategies will help reduce an organization’s risk of ransomware exposure, especially now as so many are working remotely.
Utilize the 3-2-1-1-0 strategy. Maintain three copies of important data, on at least two different types of media, with at least one of these copies off site, including one data backup that is air-gapped, offline or immutable.
Ransomware as an attack method isn’t going anywhere. Cyber criminals have been using the tactic for decades to great success and have evolved the strategy to compete with some of the most fortified systems in the world. Agencies must remain innovative and resilient to combat these efforts. That can be done through a well-thought-out data management and backup strategy and an agency workforce that is prepared to put that plan into practice in the event of an incident.
Rick Vanover is senior director for product strategy at Veeam.