Why Are Government Agencies Increasingly Being Targeted by Ransomware Attacks?
Government agencies are increasingly being targeted by ransomware attacks for several reasons.
For a ransomware attack to be successful, you have to create a sense of urgency and significant impact or pain. Government agencies are an ideal target because their services are things that taxpayers have already paid for and cannot go to alternatives if they become unavailable.
Government officials are under pressure and that pressure builds quickly when city services become affected. The cost of a ransomware attack on a city like Johannesburg will quickly reach into the millions of dollars in outsourced services, security specialists contracted to get systems back up and running, but also in soft costs.
At the point where the attackers made themselves aware to city officials they will have already been in government systems likely for months doing reconnaissance, finding critical systems, and staging for the attack. Attacks like this will often use a combination of tactics from exploiting vulnerabilities in software, running malicious applications to create backdoors or further compromise systems, and gaining access to privileged accounts so they could use valid credentials and system tools that are expected to further move about the environment undetected.
To combat threat actors like this you need to target the tactics and tools they use to head them off and slow them down. Basic cyber hygiene guidance that can be found in frameworks like the Center for Internet Security’s Critical Security Controls can mitigate or eliminate much of the threat we face today. Discovery, Application Control, Patch Management, Privilege Management. Effectively implementing these security controls that are all in the CIS Top 5 can provide much of this defense, but should be balanced with an effective Detect and Response capability.