Knoxville, Tennessee was hit with a ransomware attack that took place between June 10 and June 11. In response to the attack, IT staff shut down affected servers and took down the city’s network from online, resulting in downtimes for the city’s internal IT network, public website, and more. Emergency services such as the police and fire department were unaffected. The city officials are still investigating the incident.
State services (that state governments heavily rely on to generate revenue) have been largely shut down for roughly a quarter due to the COVID-19 pandemic, and a ransomware attack like the one impacting Knoxville is just another setback in reopening, causing further financial damage.
Cybercriminals tend to target organizations that require the least effort to hack for maximum profit, and state and local governments usually fit the bill. These smaller government agencies often chug along old legacy infrastructure, and that old legacy infrastructure is easy for bad actors to exploit.
Furthermore, many government agencies are now providing their services online to maximize efficiency, so citizens can conveniently pay off their parking tickets and taxes or even manage their motorist licenses online. However, most government entities are faced with limited IT resources, budget constraints, and internal personnel may not have the expertise to operate new technology efficiently, let alone ensure its security. Therefore, most of the workload gets outsourced to third parties. That said, not all third-party contractors are created equal when it comes to security. For a government agency, the strength of cybersecurity is only as good as the security of the contractors they select, and many do not leverage advanced (and therefore more expensive) tools available, thereby introducing additional risk.
Ransomware is a tremendously growing threat with more powerful variants and strains that are constantly emerging. And there are more capabilities for it to be remotely (and confidentially) managed. Government organizations must steer away from solely reacting to cyberattacks as they happen and instead take a more proactive approach to security.
The best way to defend against ransomware is readiness and timely response. Cyber threat intelligence should inform what methods a modern ransomware would take and if your organization has a credible defense investment. Organizations must have a comprehensive network segmentation strategy in place to quarantine an outbreak to a localized facility or business unit. Additionally, government agencies and all other organizations should employ modern solutions that allow security teams to continuously test the effectiveness of their security controls, as well as exercise an incident response plan that can be emulated when a real threat occurs.