August 20, 2019 (Lubbock, Texas)
Federal cybersecurity agencies are partnering with state government associations to urge both state and local governments to be vigilant and take action to guard their information systems from the burgeoning incidents of ransomware attacks.
Ransomware attacks have cost businesses, and now local governments, millions in lost revenues, ransom fees, and other damage in recent years.
Affected municipalities include larger cities like Baltimore, Maryland, and Atlanta, Georgia. But recently, that trend is changing and smaller cities are falling victim to ransomware. Latest on the list are two smaller cities in Florida, and currently 23 cities in Texas have been targeted. Today, Bolger, TX and Keene, TX both admitted that they are struggling with taking utility payments due to a coordinated attack the unfolded last week.
The Department of Homeland Security in alliance with the National Governors Association, the National Association of State Chief Information Officers and the Multi-State Information Sharing and Analysis Center issued a three-step guideline to expand normal everyday security measures against ransomware:
- Regularly back-up all critical agency systems and store the back-ups offline.
- Reinforce basic cybersecurity awareness among employees and remind them how to report incidents.
- Revisit and refine cyber incident response plans, as well as have a clear plan in place to address a cyberattack when it occurs.
“Through this collective action, we can better protect ourselves and our communities, and further advance the cyber preparedness and resilience of the nation, “ the groups said in a statement.
“The growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries,” the groups said. “Prevention is the most effective defense against ransomware.”
Local government staff should be vigilant and plan for the following methods of attack:
- Phishing – Emails coming from known or unknown parties with embedded links or attachments. These email messages can be invitations to check gas prices, fill out a feedback form, or visit a website to win a prize. Sometimes friends unwittingly broadcast infected messages by forwarding jokes or other messages. Do not click on links embedded in emails from parties outside of your organization.
- Trojans – A similar concept as phishing, trojans can be attached to e-mails or even reside on web pages with “free” services such as fonts, desktop themes and screensavers. Be extremely cautious about downloading free files and services, they can often be infected with trojans.
- Network Services Exploitation – Keep systems updated often! Putting off upgrading to the latest and greatest versions of operating systems and other programs can open the door for malicious ransomware to take hold and infect the entire network, including servers holding precious data.
“Education of local government staff is key to the prevention of malicious attacks on municipal IT infrastructure,” says Brian Cook, the CEO of Fund Accounting Solution Technologies, Inc. (FAST). “Taking the time to show people what these vicious emails look like and how to quarantine or delete such messages is well worth the time taken. Internet browser security and virus protection is a great start, but personal vigilance makes all the difference against these malicious attacks.”
FAST’s FundView Cloud ERP solution offers a state-of-the-art data center with secure access from any internet connection. Upgrading to FundView eliminates the need for on-premise servers; updates and backups happen automatically – which lowers initial investment and recurring annual software cost.