Ransomware is malicious software that denies access to a computer system or data until a ransom is paid. An increasing number of ransomware attacks are targeting government institutions, including the courts (https://statescoop.com/report-ransomware-attacks-against-state-and-local-government-are-on-the-rise/). At least 20 incidents recently happened in Texas alone (https://www.cnbc.com/2019/08/22/texas-ransomware-attacks-tell-the-us-cybersecurity-story.html). The cost is staggering: responding to one attack cost Baltimore City $18.3 million, and governments nationwide spent many millions of dollars just in ransom payments (e.g., Riviera Beach, Florida paid $600,000 in June). A recent Court Leader’s Advantage podcast highlighted what happened in two courts in Georgia, and how they responded (https://courtleader.net/2019/07/28/held-for-ransom-how-safe-is-your-data/).
We must do much better to prevent and respond to ransomware attacks. It takes a comprehensive approach to minimize the risk and maximize the ability to respond effectively. The Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security has this advice (https://www.us-cert.gov/Ransomware):
- The prime measure is to keep systems secure by:
  - properly limiting system and network access,
  - securing accounts with multi-factor authentication,
  - training employees on phishing attacks, and
  - keeping systems updated with the latest patches.
- The second measure is to have a solid disaster recovery plan in place. Backups are essential for restoring data, but unless the recovery plan has been thoroughly tested, the actual process of recovering systems rarely goes as smoothly as hoped, especially when bringing live systems back online.
- Finally, governments can use cyberinsurance to reduce recovery costs.
The June 7 Court Technology Bulletin addressed ransomware, including a very useful list of references to help one understand and respond to ransomware (https://courttechbulletin.blogspot.com/2019/06/virus-attack-takes-down-court-what-can.html). The Bulletin advises following the CISA tips above and adds a suggestion not many references include, namely to consider avoiding being a target in the first place by using one of these techniques:
- Switch to cloud office software that only needs a new browser to use? Both Microsoft Office 365 and Google G Suite are primary options here. This gets you up to date and protected via their enterprise cloud security. An advantage is it will be much easier to recover from workstation infection, but this approach does cost some per month in recurring fees.
- What do you do if you have NO money? I have suggested LibreOffice running on a Linux workstation distribution in the past as an option. LibreOffice Word works just fine with Microsoft .doc and .docx file formats. And the XML-based format makes it easy to work with for templates and data/mail merge. It really isn’t all that hard to get this running. Here is a link to the Ubuntu Desktop web page to check it out: https://www.ubuntu.com/desktop
- And a third option is to perhaps move to the Google Chrome OS-based systems, but that may require buying new hardware. For a discussion on Chrome OS versus Windows safety see: https://www.ricksdailytips.com/chromebook-safety-vs-windows/
- The fourth and likely a popular option is to go to Apple iOS (version 13 coming soon). If you have the money, this is a perfectly fine approach. It is a very safe system, so much so that Kaspersky Labs doesn’t offer an antivirus app for this environment. https://www.kaspersky.com/blog/ios-security-explainer/23811/
If, despite your best efforts, you are the victim of a ransomware attack, you have only two choices. You can pay the ransom and hope that the result is a restoration of your computer system, or you can decline and work to restore your system’s functionality (by using backups or rebuilding from scratch). The September edition of Government Technology magazine has an interesting opinion piece that advocates never paying a ransom to restore government computer systems (https://www.govtech.com/opinion/Hit-with-a-Ransomware-Attack-Dont-Pay-the-Hackers.html). The author, after citing the growing problem and giving a quick summary of advice on how to respond to ransomware attacks, concludes with this recommendation:
But even with these measures, some governments will still fall prey. And the only way to stop these attacks is if governments make a firm commitment to not pay ransoms. In July, the U.S. Conference of Mayors passed a resolution opposing paying ransoms for IT security breaches, but this pledge has not yet stopped local officials from continuing these payments. It is time for state legislatures to step in and pass laws to tie the hands of city and county officials. Attackers will then turn their attention to more vulnerable and lucrative targets.
The idea is that if we stop making ransom payments we will stop being worth the trouble to attack. I agree, and to make this work all government entities should make sure to implement strong preventive and reactive measures. Failure to do so will only cost all of us millions of dollars more.