Cybersecurity officials warn state and local agencies (again) to fend off ransomware

Georgia State Police and Capitol Police had their laptops taken offline by ransomware in the latest of many attacks on state and local government agencies. (credit: Scott Olson / Getty Images)

Yesterday, the Georgia Department of Public Safety revealed that laptop computers in state police and Capitol police vehicles—as well as laptops used by Georgia’s Motor Carrier Compliance Division (the officers who operate trucking scales and safety spot checks)—had been taken offline by ransomware. The attack comes a week after Louisiana Governor John Bel Edwards declared a statewide emergency after “a malware attack on a few North Louisiana school systems,” bringing state resources to assist in the response. And also last week, the city power company in Johannesburg, South Africa, was hit by ransomware, taking down payment systems and causing power outages.

These are just the latest episodes in a long line of state and local government organizations that have fallen to ransomware attacks. As Louisiana was declaring a state of emergency, the Board of Estimates of the City of Baltimore was approving $10 million in spending to recover from the city’s nearly month-long IT outage caused by the RobbinHood ransomware. So today, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Governors Association (NGA), and the National Association of State Chief Information Officers (NASCIO) issued a warning urging organizations to take immediate steps to protect themselves against ransomware attacks. The hope is that state and local agencies will heed the warning and blunt the damage being done by recent ransomware variants.

The three steps urged by CISA, MS-ISAC, NGA, and NASCIO are fairly basic security hygiene: run daily backups, train staff on “cybersecurity awareness,” and “revisit and refine cyber incident response plans.” Unfortunately, these three steps may be beyond the capabilities of the organizations most likely to be hit by ransomware—school districts, government agencies, and small and mid-sized businesses that have IT budgets that place them below the information security poverty line.

Biz & IT – Ars Technica