Many of us grew up on movies where we heard the line, “The United States government does not negotiate with terrorists”. This was usually before some lone operative took down a massive organization on their own, while miraculously dodging thousands of bullets.
The “We do not negotiate” approach has been put to the test with the advent of ransomware, particularly when that ransomware targets U.S government entities.
New York senators recently introduced bills that will ban local municipalities and other government entities from using taxpayer money to pay ransomware demands.
One of the bills also proposes the creation of a state fund to assist local municipalities in improving their cybersecurity preparedness.
This raises a number of important questions, including what legislation currently exists around ransomware, and this legislation will impact the inevitable future ransomware attacks.
Ransomware: Global Problem With Local Impact
Steven Mebdelez writing for FastCompany drew attention to a map showing ransomware attacks on U.S government agencies. The map is disturbing: there isn’t a state in the U.S that hasn’t been affected by a ransomware attack (yes, including Alaska and Hawaii). 285 attacks in total have been documented.
The town of Albany was hit by ransomware and it cost $300,000 to rebuild their network – they refused to pay the ransom.
Government Technology described 2019 as “The Year Ransomware Targeted State & Local Governments”. Some of the attacks they chronicle included:
- Louisiana government declares a state of emergency after cyberattack.
- 22 Texas Towns Hit With Ransomware Attack In ‘New Front’ Of Cyberassault
- Hackers Are Holding Baltimore Hostage: How They Struck and What’s Next
- Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000
- Second Florida city pays giant ransom to ransomware gang in a week
- New Orleans Declares State of Emergency Following Cyber Attack
- Mississippi City Operations Disrupted By Ransomware
Clearly, government offices, particularly under-prepared and funded local government offices, are in the crosshairs of the attackers. What is being done from a legislation perspective?
Legislation Around Ransomware
To start with, Infosecurity Magazine reports that the Senate has passed a new law that demands the federal government increase its support for organizations hit by ransomware. Called the “DHS Cyber Hunt and Incident Response Teams Act”, it requires the Department of Homeland Security to dedicate teams to compromised organizations.
California was waging its own battle against ransomware. The Golden State passed a law that officially makes the use of ransomware illegal. Not that this will stop attacks – most of these originate from outside the U.S – but it shows that the threat is being taken seriously.
The U.S. Conference of Mayors adopted a resolution stating that it “stands united against paying ransoms in the event of an IT security breach.” This is largely symbolic, however.
Much legislation around ransomware deals with staying protected against ransomware in the first place. This is a wise move. LexisNexis shows that “At least 37 states have introduced legislation this year dealing with the cybersecurity of government agencies, 24 of which have enacted such measures”. Preventing ransomware attacks is the best way to solve this problem. It’s questionable as to whether legislation targeting ransomware payments will be effective in stopping this growing challenge.
Ransomware: Staying Protected
When it comes to staying protected against ransomware, prevention is better than cure – a cure, in this case, being either a ransomware payment or the expensive process (if possible) of recovering locked files.
Legislation is part of the battle, but the only effective way to guard against being infected by ransomware is by leveraging the latest technology to stay protected. For example, CenturyLink’s Beyond DLP™️ solution automatically protects organizations against ransomware threats, as well as other threats from external actors even when coming from the inside of the network from managed or unmanaged devices.
The CenturyLink Beyond DLP™️ solution automatically blocks and isolates a compromised endpoint, servers and unmanaged devices as the last line of defense.
To find out more, or to see how easy and affordable it is to integrate and use CenturyLink Beyond DLP™️ solution, get in touch with us.