CNCounty News

Ransomware — Both Terrible and Preventable

Author

Image of Shark_Alan.jpg

Dr. Alan Shark

Executive Director/CEO Public Technology Institute and Associate Professor, George Mason University Schar School of Policy and Government

Upcoming Events

Related News

Cybersecurity and protecting gov't systems and info consistently the top priority for local government IT executives 

American companies, counties and cities are breathing a sigh of relief that there was minimum impact from one of the most wide-spread ransomware schemes in recent memory. WannaCry, as it was dubbed, infected hundreds of thousands of computers in more than 150 countries in mid-May.

Learn More

The Multi-State Information Sharing and Analysis Center (MS-ISAC)

Cook County hit by "Wannacry" malware attack

Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Old versions of Microsoft Windows operating systems that had not been updated were the ones at risk for this particular attack.

It would be easy to sit back and move on without using this incident as an important wake-up call. But the continuous threat of ransomware and other forms of malware exists at all times. And while 2015 was a bad year for ransomware attacks IBM reports that it increased 6,000 percent in 2016.

PTI recommends your cyber-security plan address each of the following areas 

  • Physical-Facility Security Personnel (qualifications, access, certifications)
  • Password and Account Management
  • Data Security
  • Network Security
  • Incident Response Policies
  • Communicating with the Public and Other Key Stakeholders
  • Disaster Recovery, and l Employee Awareness and Training

Most alarming is the fact that malware enters systems by someone opening an attachment or link that usually looks authentic. In the government sphere, most at risk are usually small counties and cities — including local police and hospitals.

That said: It appears that most local governments have been quite good at updating and protecting their operating systems. However, the risk is always present and the bad guys are constantly perfecting their craft. Some localities have held off updating their operating systems because of concerns that the newer systems were viewed as being incompatible with some major legacy software.

Organizations that have received ransomware threats were notified that all files will become encrypted and will be destroyed unless a payment is made —often in Bitcoins — not credit cards. This ransomware threat is also impacting personal PCs — some connected to public sector information systems. Most entities wind up paying the ransom as it often is relatively cheap compared with the time and cost of restoring systems.

But as bad as this threat is, it is highly preventable. Here’s what an IT staff can do, and keep in mind the following is generalized for county as well as personal computers:

  • Make sure that whatever operating system you have - all recommended updates are current.
  • All data must be backed up. While county IT staff do this religiously, many mobile and personal devices often get missed. A good practice is to use offline (not network connected) external drives or subscribe to the many online backup services that do this automatically.
  • Use reputable security software and of course, make sure that it is set for updates. 
  • Train all county staff on the importance of being ever so careful in opening attachments or clicking on links.
  • Encourage staff to quickly come forward when something doesn’t look right or they clicked on something they realized a moment later they should not have. Early reporting is far better than any shortsighted punishment.

Cybersecurity and protecting government systems and information consistently rank as the number 1 priority for local government IT executives.

This most recent attack shows just how vulnerable IT systems can be. And with the notoriety it has caused, WannaCry serves as a reminder that cybersecurity is no longer just for IT professionals. Being “security aware” involves everyone within the organization. This most recent scare should be viewed as an opportunity for local government officials to re-examine policies and procedures to protect government networks. When was the last time your security policies were reviewed? 


Cook County hit by "Wannacry" malware attack

Computers in Cook County, Ill., were hit May 12 by the “WannaCry” malware, a global cyberattack that took computer files in at least 150 countries hostage with ransomware. The WannaCry malware was tentatively linked to hackers in North Korea, the Associated Press and others reported.

“I can confirm that a small number of Cook County systems were impacted by the WannaCry malware attack last Friday,” said Frank Shuftan, a spokesman for Cook County Board President Toni Preckwinkle. “We initiated our standard security procedures to address the issue.”

No major county operations in Preckwinkle’s offices were impacted, he said. On Tuesday, the county was working to finish up restoring its computer systems that were hit with the malware.

There have been no reports of other U.S. counties being infected with the malware.
 

Attachments

Related News

Man at call center
Advocacy

FCC takes critical steps to improve the 988 National Suicide Lifeline

On March 21, bipartisan congressional leaders and FCC Chairwoman Jessica Rosenworcel announced steps to improve the 988 National Suicide Lifeline. This announcement marks major progress on the nation’s crisis response, a priority for counties and a key policy pillar of the NACo Commission on Mental Health and Wellbeing.

Arati Prabhakar, director, White House Office of Science and Technology, speaks to county officials at AI Summit. Photo by Leon Lawrence III
News

Creating guardrails will be ‘essential’ to the success of AI

CFBP director: Counties should focus on the ways artificial intelligence affects residents, particularly those who are most vulnerable to AI scams, rather that becomming experts in the technical specifications of artificial intelligence.

FCC
Advocacy

FCC appoints county leaders to Intergovernmental Advisory Committee

On March 12, the Federal Communications Commission announced new members to the Intergovernmental Advisory Committee, including its appointment of the seven county representatives.