The FBI’s Cyber Division recently released a Private Industry Notification entitled Ransomware Attacks Straining Local US Governments and Public Services. The notification was driven by an increase in ransomware attacks targeting local government organizations resulting in disrupted operational services, risks to public safety, and financial losses. The FBI pointed to local government organizations being attractive targets for cyber attackers due to the public’s dependency on critical services like utilities, emergency services, education, and other services.
Key data points from the notification include:
- In 2021, local government entities were the second highest victimized group in the Government Facilities Service (GFS) sector behind academia in 2021. More cyber resource constrained smaller counties and municipalities were noted to be heavy targets. (GFS is one of the critical infrastructure sectors defined by CISA and includes a wide variety of government buildings including general government facilities that are open to the public as well as special-use military installations, embassies, courthouses, national laboratories, etc.)
- The top three initial infection vectors are phishing emails, remote desktop protocol exploitation and software vulnerability exploitation.
- Attackers have expanded targeting tactics by implementing ransomware-as-a-service business models, sharing victim information among threat actor groups, diversifying extortion strategies, and increasing attacks on cloud infrastructure, managed service providers, and software supply chains.
Ransomware attacks against local government organizations are expected to continue to increase in 2022 with the current geopolitical situation between Russia and Ukraine creating increased risk of cyber attacks on numerous fronts.
The FBI’s Recommendations to Reduce the Risk of Ransomware Attacks
In order to mitigate the risk of ransomware attacks, the FBI provided numerous recommendations for local government organizations. Key recommendations included:
- Proactively initiating contingency planning and having a business continuity plan in place in the event a ransomware attack happens and systems are inaccessible. This includes continuous backup of key systems and data.
- Ensuring software is up to date and vulnerable systems are patched on a timely basis.
- Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a network monitoring tool.
(See the official Notification for a comprehensive list of the FBI’s recommendations).
Using Cyber Intelligence & Active Defense to Prevent Ransomware Attacks
There are two other important steps that local government organizations can do to increase protection from ransomware attacks.
The first is to use cyber intelligence as part of cybersecurity efforts. This includes cyber intelligence notifications and advisories from government agencies like FBI and CISA, as well as cyber intelligence data from commercial threat intelligence providers, open source, government, and industry sources (ISACs/ISAOs). By using a diverse mix of cyber intelligence, local government organizations can significantly increase visibility into threats targeting their organizations. Cyber intelligence can also be used to prioritize the patching of vulnerable systems. For example, cyber intelligence can tell you if a specific software vulnerability is being actively exploited by threat actors. If it is, patching this vulnerability should take priority over vulnerabilities that aren’t being actively exploited.
The second step is to use an active defense strategy. This includes using cyber intelligence in an automated and proactive way to block ransomware attacks from your network. Deploying cyber intelligence in real-time on your networks (physical, virtual, cloud, and remote) can help you block malicious communications to threat actor infrastructure that is involved at multiple stages of ransomware attack. This includes blocking an initial phishing attempt to blocking communications with command and control infrastructure that threat actors are using to deploy and instruct malware and ultimately to exfiltrate sensitive data.
ThreatBlockr is Helping Many State & Government Organizations Protect Themselves from Ransomware Attacks
Today, many state and local government organizations have turned to ThreatBlockr as the foundational layer of an active defense strategy. ThreatBlockr is the only active defense cybersecurity platform that fully automates the enforcement, deployment and analysis of cyber intelligence at massive scale. ThreatBlockr aggregates cyber intelligence from multiple, best-in-class sources, automatically deploys cyber intelligence to your networks (wherever they are), and proactively blocks threats.
The volume of cyber threats continues to grow exponentially. The same is true when it comes to the volume of cyber intelligence. On top of this, cyber threats and cyber intelligence are highly dynamic. These factors combined with the significant resource constraints facing local government organizations means that using cyber intelligence and active defense has to be easy, automated, and affordable. These are critical attributes of ThreatBlockr.
To learn more how ThreatBlockr can help protect state and local government organizations from ransomware and other threats, check out our ThreatBlockr Data Sheet and our State and Local Government Data Sheet.