Ransomware attacks seemed to have declined in 2018, but not in 2019. Ransomware attacks in Q1 of 2019 increased by 195% and increased by 184% in Q2. Looking at the number of reported ransomware attacks in the last few weeks, it looks like Q3 will be even worse.
Attackers are targeting states, cities, and local governments just as much as the healthcare industry. A lot of victims were compelled to pay the ransom to recover access to sensitive data. Some had to permanently shut down their operations.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), National Governors Association (NGA), Multi-State Information Sharing & Analysis Center (MS-ISAC), and the National Association of State Chief Information Officers (NASCIO) responded to this concern by issuing a joint statement and recommendations for improving resilience towards ransomware attacks.
Though the statement focuses on state, local, territorial and tribal governments, the recommendations are just as applicable to the healthcare sector and other industry sectors.
Applying the three steps specified in the statement will help strengthen defenses against ransomware and ensure quick recovery in case of an attack. The three recommended steps are as follows:
- Backup systems now (and everyday)
- Enhance cybersecurity awareness training
- Modify and improve cyber incident response plans
Victims of ransomware attacks will have no choice but to pay ransom to their attackers without data backups. But ransom payment does not guarantee file recovery as has been seen on a number of occasions. Even if keys are given to unlock encrypted information, expect some data loss.
It is thus important to make sure that all sensitive information, agency and system data have daily backups located on another, non-networked, offline storage. Test backups and the restoration procedure to be sure that file recovery works. The joint statement advices all concerned entities to backup their systems right away and everyday.
Employees most often inadvertently install ransomware after responding to a phishing email or viewing a malicious web page. It is hence crucial to be sure to inform the workforce about the threat and train them how to identify suspicious emails and url links.
Although the employees already had their training in the past, refresher training lessons are advised. The employees must also know the appropriate actions to take in case there’s a potential threat or an attack is in progress.
While it’s not possible to stop all attacks, having a ransomware response plan that could be promptly implemented during an attack is essential. The response plan must have options that could be executed when internal capabilities become bogged down and guidelines and contact information available for external cyberattack first responders, state agencies, and other entities that need to extend support after an attack.
The guidance document may be downloaded here.