AZ League Connection

The League's Monthly Online Newsletter

Issue 197: September 2019

Legal Corner – Ransomware Attacks: What You Need To Know

According to the Department of Homeland Security (DHS), “ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.” https://www.us-cert.gov/Ransomware.

Ransomware is becoming more prevalent and often governments are a primary target due to less preparation and technical vulnerabilities because computer systems may not be updated with the latest security measures. There is a lot at stake when a government entity is targeted. Governments maintain sensitive information and a compromise of the system may also impact services to the general public.

While no city or town can safeguard against all attacks, it is important to have a plan in place if your municipality is affected by a cyber-attack and demand for ransom.

Avoiding an Attack - Be Prepared

The first step is assessing your risk for a cyber-attack by determining your level of preparedness and ascertaining potential vulnerabilities. Additionally, DHS recommends information and technology staff regularly update software and operating systems since outdated applications and operating systems are attractive targets. All staff must be trained to not click on links or open attachments in unsolicited emails and to backup data on a regular basis. Urge employees to be skeptical of malicious emails that appear to come from co-workers but that request that you click on unidentified links. Other information to consider is determining where your physical servers are located, what devices access the network, and ensuring the infrastructure is secure.

Prior to any attack, it’s important to determine if your insurance covers a cyber-attack or if your city or town needs specific coverage. Securing coverage ahead of time when you have time to properly prepare and evaluate policies will assist your city or town to negotiate the best rates and assess what coverage is necessary based on the risk. If you are a member of the Arizona Municipal Risk Retention Pool, specific information on Cyber Risk Coverage is available.

Additional preparatory services to consider are public notification assistance, forensics evaluation, and public relations crisis management. It is also recommended that if your information is stored on the cloud and outsourced to a vendor that any subcontracted cloud providers are also secure and insured.

Develop a public relations plan that includes how to handle public records request for information that might compromise security efforts. If an attack occurs, designate one person to talk to the media coordinating with law enforcement so all information provided to the public is consistent and does not impede the investigation.

If Your City or Town Is Targeted

Whether you have a plan in place or not, it is imperative to contact the authorities. Law enforcement discourages paying the ransom because there is no guarantee that your data will be unlocked or that the perpetrators will not repeat the cyber-attack again because your original vulnerabilities still exist and your city or town has indicated a willingness to pay. Further, paying the ransom only fuels further attacks on other victims.

It is also important to plan how your city or town will deliver services manually until electronic systems are operational after an attack. This includes using paper forms or documents that should be stored in an accessible physical location with information to implement emergency plans.

Additionally, most perpetrators have been monitoring or had access to a system for days prior to the attack and will monitor your communications during a crisis. For example, if your phone system is internet-based, holding conference calls to discuss crisis management may alert the perpetrators to your plans.

Conclusion

Ransomware attacks are becoming more frequent and now is the time to develop a plan to manage any potential situation prior to an attack occurring in your city or town. Additional information and resources are available at https://www.us-cert.gov/Ransomware.

 

azleague.org

Follow us:

League of Arizona Cities and Towns
1820 W Washington Street
Phoenix, AZ 85007

Phone: 602-258-5786
Fax: 602-253-3874
Email: newsletter@azleague.org