TIED UP AND HELD FOR RANSOM
Government agencies are under attack by hackers who are using a combination of malware, phishing and social engineering to wring money from their victims
By Karen Epper Hoffman
Just as real-world criminals might kidnap the scion of a wealthy family or a high-level busi- ness executive to hold for ransom, their digital counterparts have quickly discovered a prof- itable if nefarious money-making endeavor with even less risk: ransoming government information.
Ransomware schemes rely on a type of mal- ware that in this case encrypts users’ docu- ments and thereby blocks access to their files or systems. The ransomware is typically de- livered to agencies via an email message that contains malicious code in the form of a link or an attachment that, when clicked on, deliv- ers the malware.
Locked out from their files or networks, le- gitimate users will often pay a ransom of sev- eral hundred or even a few thousand dollars, usually in untraceable virtual currency such as bitcoins, to have the cybercriminals unencrypt their files or restore their access.
And although ransomware exploits have been on the rise for all manner of private- and public-sector victims, government agencies
might be finding themselves directly in hack- ers’ crosshairs.
“I think that ransomware is a growing prob- lem for everybody but certainly state and lo- cal governments,” said Mark Weatherford, senior vice president of vArmour and former deputy undersecretary for cybersecurity at the Department of Homeland Security. “These crimes don’t know any bounds with respect to victims, and the pickings are easy with local governments.”
A LACK OF RESOURCES
Why would hackers target state and local gov- ernment? Larger agencies, like larger compa- nies, have the resources to invest in the tech- nology, training and safeguards to minimize the risk of such attacks, Weatherford said. However, smaller agencies (like small and midsize businesses) often don’t have the mon- ey or staff to avoid or combat those exploits.
“When I say the pickings are easy, I mean that most small government organizations struggle with the resources to do IT and han-
GCN AUGUST/SEPTEMBER 2016 • GCN.COM 29