This is a blog piece that was created for the company blog site: http://blogs.mti.com/blog/stopping-ransomware-in-the-public-sector
In just over 10 years, ransomware has become a serious threat for many organisations across the world. In 2016, we have already seen a 300 per cent increase in attacks, which roughly equates to approximately 4,000 a day. Worse still, this figure is predicted to double year on year.
While there is no perfect solution to stop organisations from ever fully preventing these attacks, arming yourself with knowledge is the first and best defence to mitigate them should they arise.
Risk to the public sector
The public sector in particular is at risk from ransomware attacks. With a great deal of important and personal data stored in these organisation’s databases, the potential damage caused by workers being locked out of their systems can be significant.
In January 2016, Lincolnshire County Council shut down its entire IT network after a new strain of ransomware demanding £1 million was found to have penetrated the system. This new malware forced the council to shut down to protect personal data – including those it provides social care for.
Triggered by one user, and on a system that was up-to-date with the latest protection, the intrusion meant that operations were left without any IT for a number of days, which of course has a knock on effect for service delivery.
The above example, along with a recent spate of attacks against hospitals in the US, Canada, Germany and New Zealand, show that public sector organisations in wealthy countries are amongst those at the highest risk, presumably due to the greater likelihood of them being able to pay the ransom.
Knowing the threat
Ransomware is a form of malware that can affect a device without the user knowing. The first instances of ransomware came to attention in 2005 and were comparatively crude. However, in the following 11 years, it has become far more sophisticated as hackers re-invest profits into new malware.
Recent evolutions have seen the virus become more effective and hard-line. Some now include a sleep timer, which means that the encryption process can begin at a time of the virus writer’s choosing and be executed over an extended period, which also makes it harder to notice.
The Petya strains of the virus, which came to light in the first quarter of 2016, takes encryption to a new level. Discovered after emails with Dropbox links to download a file containing ransomware were found, Petya encrypts the hard disk itself, deleting the backup files which were previously used as a solution to counter-act ransomware. It also avoids detection by signature-based anti-virus software, making it even harder to find.
This new strain could have massive implications for the public sector, leading to vital information being lost or even stolen while IT teams scramble to try and stop it from spreading across the whole system.
So how can councils, hospital trusts, and other public sector organisations protect themselves against this threat and remain online?
The attack on Lincolnshire County Council happened because a new strain of the malware had not been encountered before, therefore there was no protection against it. It was also a human error, as it took only one person downloading it onto their system to cause a significant issue.
While IT professionals are always trying to stay ahead of the game, there is no form of protection that is 100 per cent perfect all the time, especially when human error is factored in.
The main solution to mitigating attacks lies in educating staff to understand why security processes are in place, and what happens when they circumvent them or use applications not authorised by the company, for example, downloading files from unknown contacts via Dropbox.
Alongside educating staff, IT departments should enact a principle of least privilege when it comes to local administrators. This will be essential in ensuring that if a device is infected, the information it can encrypt will be minimal and does not spread through the system.
There also needs to be a protocol in place for when an attack does happen. Directors need to work with their IT departments to come up with a plan of action, deciding whether or not to take the precaution to shut down systems, to go public with the attack or keep it in-house and – crucially – if the ransom should be paid.
Ransomware is pervasive and very dangerous for public sector organisations, considering the sensitive data they hold, so education is vital. Get the knowledge and learn more best practises in our complete guide to ransomware by downloading it here.