If you are a member of the IAMU Safety Group Insurance Group, you can get coverage for such an event. Currently, only about 20% of all safety group members purchase the coverage. If your utility or municipality doesn’t currently have such coverage, be sure to ask your agent for more information.
According to the Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA), ransomware has rapidly emerged as the most visible cybersecurity risk playing out across the nation’s networks, locking up private-sector organizations and government agencies alike. And that’s only what is seen – many more infections are going unreported, ransoms are being paid, and the vicious ransomware cycle continues. Organizations are strongly urged to consider ransomware infections as destructive attacks, not an event where you can simply pay off the bad guys and regain control of your network.
According to CISA, ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. Recovery can be a difficult process that may require the services of a reputable data recovery specialist, and some victims pay to recover their files. However, there is no guarantee that individuals will recover their files if they pay the ransom.
Helping organizations protect themselves from ransomware attacks is a chief priority for the CISA. The agency has assisted many ransomware response and recovery efforts, building an understanding of how ransomware attacks unfold, and what potential steps can be taken to better defend systems. But there is also a recognition that there’s no such thing as perfect cybersecurity, and ransomware infections can still happen. The agency has also developed recommendations to help organizations limit damage and recover smartly and effectively.
RANSOMWARE MITIGATIONS TO HELP YOU DEFEND TODAY AND SECURE TOMORROW
The CISA recommendations outline three sets of straightforward steps any organization can take to manage their risk. These recommendations are written broadly for all levels within an organization. It is never as easy as it should be, so if your organization needs help, the agency urges you to reach out for assistance – CISA is here to help, but so is the FBI, numerous private sector security firms, state authorities, and others.
- Backup your data, system images, and configurations and keep the backups offline.
- Update and patch systems.
- Make sure your security solutions are up to date.
- Review and exercise your incident response plan.
- Pay attention to ransomware events and apply lessons learned.
Actions to Recover If Impacted – Don’t Let a Bad Day Get Worse
- Ask for help. Contact IAMU immediately. You may reach Russ Saffell, Director of Member Security & Critical Infrastructure Protection at 515.289.1999 or 515.988.8686 (cell).
- Isolate the infected systems and phase your return to operations.
- Review the connections of any business relationships (customers, partners, vendors) that touch your network
- Apply business impact assessment findings to prioritize recovery.
Actions to Secure Your Environment Going Forward – Don’t Let Yourself be an Easy Mark
- Practice good cyber hygiene; backup, update, whitelist apps, limit privilege, and use multifactor authentication.
- Segment your networks; make it hard for the bad guy to move around and infect multiple systems.
- Develop containment strategies; if bad guys get in, make it hard for them to get stuff out
- Know your system’s baseline for recovery.
- Review disaster recovery procedures and validate goals with executives.
For more information on ransomware, visit the CISA Resource Page on Ransomware (www.us-cert.gov/Ransomware). Victims of ransomware should report it immediately to CISA at www.us-cert.gov/report, a local FBI Field Office, or Secret Service Field Office.