Some state and local officials have said they’re getting better at responding to ransomware incidents, as the list of victims gets longer seemingly every week. But people in the government cybersecurity community are also increasingly resigned to the fact that being attacked with extortion malware isn’t so much a possibility as an inevitability.
During a CyberTalks panel Friday, New Jersey Chief Information Security Officer Michael Geraghty said the statewide fusion center he runs has detected at least 40 ransomware incidents across state, local and private-sector entities in 2020 alone.
What’s changed, though, he told CyberScoop’s Sean Lyngaas, is that governments, after being walloped for the last several years, are trying to be better prepared by crafting detailed response and recovery plans and building partnerships with public- and private-sector partners.
“Having an incident response plan is really important,” he said. “But making sure you have those connections and networks. There’s lots of assets we can bring to the fight in terms of remediating. Then there’s the law enforcement and hopefully prosecution later on.”
Rachel McEneny, the commissioner of administrative services for Albany, New York, spoke from experience in recounting a March 2019 attack that took down multiple city services, including vital records and municipal payroll systems. She recalled racing to mount a response.
“I received a call at 5 a.m. on a Saturday from my IT director,” she said. “As soon as I hung up the phone, your mind starts wondering if this is going to affect traffic signals, 911, you really do pop out of bed. This is no different than any type of disaster like hurricanes.”
McEneny said Albany official were able to shut down IT systems “within hours,” though city workers had to spend several days completing tasks with pens and paper instead of their office computers. And while most affected systems were restored within the first few days, digital records for birth and death certificates were offline for months, she said.