The growing threat of ransomware

By Rodney Caudle

Ransomware was a niche threat a few years ago. Attacks skyrocketed in 2016, netting cyber extortionists more than a billion dollars, according to FBI estimates.

Last year, ransomware shut down county services in Indiana; a variant dubbed “MarsJoke” took aim at state and local agencies; and eastern European hackers hit police departments nationwide.

Ransomware strikes when a victim opens an infected attachment, clicks a malicious link in an email, or visits a website that exploits a software vulnerability in the user’s browser or plug-ins. Recent variants block access to resources by encrypting the data on the system and demand payment (usually in bitcoin) in return for a decryption key that is supposed to unlock the files. Encryption of everything the victim’s account can write to, including the local hard drive and attached resources such as network shares and synced cloud storage, may begin within seconds of infection. Alternatively, the ransomware may lie dormant for several days, so that by the time the ransom note appears the encrypted files have already rolled over into the organization’s backups and replaced the clean copies.
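Because the encrypted files described above are indistinguishable from random bytes, a responder sorting through a disk or a backup snapshot can triage them by measuring entropy. The following is an added example, not code from the article or from NIC: it computes the Shannon entropy of each file’s contents and flags high-entropy files that do not carry the header of a format that is legitimately high-entropy (zip, gzip, images), which is the usual false-positive source. The sample “files”, the threshold of 7.5 bits per byte, and the short list of magic numbers are all constructed for the example.

```python
import math
import random
import zlib
from collections import Counter
from typing import Dict, Optional

# Leading bytes of formats that are legitimately high-entropy (compressed or
# already-encrypted containers). Matching one of these keeps a zip, gzip or
# image from being mistaken for ransomware output. Illustrative, not exhaustive.
KNOWN_HIGH_ENTROPY_MAGIC: Dict[bytes, str] = {
    b"PK\x03\x04": "zip/office",
    b"\x1f\x8b": "gzip",
    b"\x78\x9c": "zlib",
    b"\x78\xda": "zlib",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
}

ENTROPY_THRESHOLD = 7.5  # bits per byte; uniformly random data approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def known_container(data: bytes) -> Optional[str]:
    """Name of a recognised high-entropy container format, or None."""
    for magic, name in KNOWN_HIGH_ENTROPY_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def classify(data: bytes) -> str:
    """'plain' (low entropy), 'compressed' (high entropy, known header)
    or 'likely_encrypted' (high entropy, no recognisable structure)."""
    if shannon_entropy(data) < ENTROPY_THRESHOLD:
        return "plain"
    return "compressed" if known_container(data) else "likely_encrypted"


def scan(files: Dict[str, bytes]) -> Dict[str, str]:
    """Classify every file in a snapshot; keys are file names."""
    return {name: classify(data) for name, data in files.items()}


# Constructed sample "files" standing in for one backup snapshot.
_rng = random.Random(7)
_random_blob = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_FILES: Dict[str, bytes] = {
    "budget_memo.txt": b"Quarterly budget memo for the parks department.\n" * 60,
    "records_archive.z": zlib.compress(_random_blob),  # legitimate compressed data
    "budget_memo.txt.locked": _random_blob,             # stand-in for ciphertext
}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_FILES).items():
        print(f"{verdict:17s} {name}")
```

Treat the result as a triage aid rather than proof: ransomware that keeps or forges a recognised header, or that encrypts only part of each file, will slip past a check this simple, so confirm a suspected version by opening it with its native application before deciding it is the last clean copy.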

Your agency is on the ransomware radar

Because of the profit potential, ransomware is likely to become epidemic in 2017, with ransom amounts rising and attackers’ methods growing more sophisticated. Municipal government departments are no more or less susceptible to attack than other organizations, but cyber extortionists do test social engineering lures on particular sectors, such as police departments, and, once a few succeed, go after other organizations in the same sector.


Prepare for battle

A ransomware attack can force municipal government leaders into vexing debates over whether or not to pay the cyber-extortionists. Rather than having to decide on a course of action in the stressful moments after an assault, the better approach is to prepare in advance. Consider, for example:

  • Know your organization’s stand on paying a ransom. Some organizations that pay get their data back, but there is no guarantee: the decryption key may never arrive, and recovered data may be damaged or incomplete. Evaluate the economics of paying or not paying and set the policy before an attack, not during one.

  • If your agency decides its policy is to pay, consider stockpiling bitcoin so payment can be made quickly, saving precious time during which your agency might otherwise be unable to operate. If your agency decides it won’t bend to an extortionist’s demand, work with your security team on how to protect your files from ransomware as fully as possible.

  • Back up your data daily. Consider paying extra for a cloud provider to maintain versions of your files so that, if encrypted files are copied to your cloud storage in a daily backup, you still have access to earlier, unencrypted versions. If you use hard drive backups, keep at least one copy that is not writable from the workstations being backed up, because ransomware encrypts any attached share it can reach, and maintain an overwriting cycle well beyond one week: variants that delay detonation count on short rotation cycles to overwrite the clean copies before the ransom note appears. Test that a restore from those backups actually works before you need it.

  • Install next-generation antivirus software that monitors the behavior of applications instead of matching files to a strict signature. No antivirus software is failproof. However, behavior-based products can, for example, recognize that it isn’t normal for a spreadsheet to launch a script or executable that then reaches out to a server in another country, and stop it. Traditional signature-based antivirus, which only matches known file hashes and patterns, cannot detect a lure it has never seen before.
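The last bullet’s “spreadsheet launches something that phones home abroad” chain is exactly what a behavior rule looks for: a document application spawning a script host, correlated by process ID with an outbound connection the agency would not expect. The following is an added example, not code from the article, from NIC or from any antivirus product: it replays a constructed list of process-start and network-connect events (the shape Sysmon or an EDR agent would produce, with the destination country assumed to have been added by an upstream GeoIP lookup) and raises a medium alert on the spawn alone and a high alert when that child then connects to a country outside an assumed allow-list of {US}. Process names, paths, PIDs and the 203.0.113.0/24 and 198.51.100.0/24 addresses are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Union

# Document applications that should not normally spawn a script or command
# host, and the hosts an attacker’s macro typically launches. Illustrative
# lists, not exhaustive.
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Assumption: the agency only expects outbound traffic to these countries.
EXPECTED_COUNTRIES = {"US"}


@dataclass
class ProcessStart:
    pid: int
    image: str          # full path of the new process
    parent_image: str   # full path of the parent process
    command_line: str


@dataclass
class NetworkConnect:
    pid: int
    dest_ip: str
    dest_country: str   # assumed to come from a GeoIP enrichment step upstream


Event = Union[ProcessStart, NetworkConnect]


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events: List[Event]) -> List[Dict[str, object]]:
    """Replay events in order; return alerts for the document -> script host
    -> unexpected outbound connection chain, correlated by PID."""
    suspicious: Dict[int, ProcessStart] = {}   # pid -> offending child process
    alerts: List[Dict[str, object]] = []
    for ev in events:
        if isinstance(ev, ProcessStart):
            if (basename(ev.parent_image) in OFFICE_APPS
                    and basename(ev.image) in SCRIPT_HOSTS):
                suspicious[ev.pid] = ev
                alerts.append({
                    "severity": "medium",
                    "pid": ev.pid,
                    "reason": f"{basename(ev.parent_image)} spawned {basename(ev.image)}",
                    "command_line": ev.command_line,
                })
        elif isinstance(ev, NetworkConnect):
            child = suspicious.get(ev.pid)
            if child is not None and ev.dest_country not in EXPECTED_COUNTRIES:
                alerts.append({
                    "severity": "high",
                    "pid": ev.pid,
                    "reason": (f"{basename(child.image)} launched by "
                               f"{basename(child.parent_image)} connected to "
                               f"{ev.dest_ip} ({ev.dest_country})"),
                    "command_line": child.command_line,
                })
    return alerts


# Constructed sample telemetry: one malicious chain followed by two benign ones.
SAMPLE_EVENTS: List[Event] = [
    ProcessStart(4120, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Windows\explorer.exe",
                 r'"EXCEL.EXE" "C:\Users\jdoe\Downloads\invoice_4471.xlsm"'),
    ProcessStart(4388, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 "powershell.exe -NoProfile -WindowStyle Hidden"),
    NetworkConnect(4388, "203.0.113.17", "RO"),
    # Word itself talking to a domestic server (updates, templates): benign.
    ProcessStart(5002, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\explorer.exe", '"WINWORD.EXE"'),
    NetworkConnect(5002, "198.51.100.5", "US"),
    # An administrator’s PowerShell started from the shell: benign.
    ProcessStart(6010, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\explorer.exe", "powershell.exe"),
    NetworkConnect(6010, "198.51.100.9", "US"),
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["pid"], alert["reason"])
```

The two-stage scoring matters in practice: an Office application spawning cmd.exe happens legitimately in some environments (macros that run reports, add-ins), so the spawn alone is worth logging and hunting on, while the same child making an unexpected outbound connection is worth blocking. A real deployment would also watch what that child writes, since mass renames and high-entropy rewrites of user documents are the other half of the ransomware pattern.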

It’s very likely ransomware will rear its garish head in your agency this year. Decide in advance how you can best protect your data and how you’ll respond when the monster emerges.


Rodney Caudle is director of information security at NIC Inc., a provider of digital government and secure payment processing solutions for over 5,500 local, state and federal agencies across the U.S. Caudle has more than 20 years of experience in information security. 

Discuss this Blog Entry (1 comment)

Comment posted on Jun 6, 2017:

The First Commandment for protecting your critical systems from such attacks is:

"Thou Shalt Not Connect Critical Systems in Any Way, to the Internet!!"

