This week the Georgia Court system suffered a ransomware attack. This comes on the heels of Baltimore, Riviera Beach, Lake City, Key Biscayne, Mecklenburg County, Atlanta…
Not only were the ransomware attacks successful, in that the attack was able to install and encrypt the data, many of the attacks led to the government paying out the criminals in order to retrieve the data. These attacks would not have been successful had proper backups been in place and security controls been deployed.
Ransomware is bad. It is nasty and ugly, but highly successful. For years, governments, and businesses around the world have fallen victim to these attacks. Large scale attacks, such as the Baltimore and UK Health Departments, have made the majority of the publicity. However, cities suffer from this type of attack every week. Mostly because the warning signs are not being listened to.
I can cut through the noise real quick. If you have data that needs to be available, it needs to be backed up. Regardless of ransomware targeting you, you will lose the data if it is not protected. Anyone that has worked in a business before knows the effects of losing data. Eventually, data loss will happen because of equipment or user failure. Ransomware is simply not effective, and will not work at all, if data isn’t backed up. If you have backups and ransomware is installed, you just restore the data. End of story. No money ever needs to be paid.
Failing to protect data, in which the citizens depend on, is a negligent act done by the government. And when a government then has to pay out money to criminals in order to retrieve the data, it is negligence with tax payer money. Taxes are not paid to governments to filter it to criminals. Citizens trust you are doing what is necessary to protect the data that you are entrusted with. When you, as a government, pay out money to thieves you are endorsing their behavior.
And don’t forget the only reason the money was paid to begin with is because the government failed to back up the data. I hope these governments fire the people responsible for not backing up the data. If it was due to a city manager or elected official holding up the process, they need to be gone so the IT teams can do their jobs.
Any citizen knows, you need to keep track of your documents. If I lose tax paperwork, my drivers license, county documents, etc. I will have to deal with the consequences.