eGov Today

News and Insights from NIC Inc.

  • Worried About A Ransomware Attack Where You Work and Live? You’re Not Alone

    By Jayne Friedland Holland | | Posted in Cybersecurity

    In ​guarding ​against the ​fast-​growing ​threat of ​cyber ​extortion, municipalities would do well to consider these five tips.

    For many U.S. government entities intent on keeping their data secure, these days have been nothing short of a nightmare. Targeted ransomware attacks vs. municipalities are real, and they’re on the rise. Over the past two years, in fact, more than 50 U.S. cities, large and small, have been victimized by ransomware attacks, costing them millions of dollars to pay off the perpetrators, untangle themselves and restore vital data systems.

    Perhaps you’ve spotted these troubling stories, among others, in recent news headlines:

    • In Baltimore, a ransomware attack by anonymous hackers has paralyzed that city’s digital systems, freezing emails, stopping online payments to city departments and blocking real estate transactions. The city has refused to pay the $100,000 crypto-currency ransom.
    • The Riviera Beach, Florida City Council took a different approach; they agreed to pay nearly $500,000 in ransom, plus another $25,000 for an insurance policy deductible, to get their email and computer systems up and running. Those systems had shut down after someone in the police department opened an infected email.
    • Press reports say the city of Atlanta has spent more than $2.6 million to recover from last year’s $50,000 ransomware scare that had disrupted the city’s municipal operations.

    While governments debate the merits of paying ransoms or not paying them, and IT professionals discover and implement new ways to safeguard data, one thing is for sure, these types of attacks against governments are bound to continue for the foreseeable future. To complicate matters, local municipalities don’t always have the resources to secure the data that’s relied upon to service citizens.

    And so, the question becomes, what smart steps can governments take TODAY to best guard themselves against these types of attacks? At NIC, where we provide secure digital solutions to support our government partners, we’ve given this some thought. Local municipalities would do themselves a favor to keep these considerations in mind as they protect themselves against the growing spate of ransomware attacks:

    Take These Five Steps Today In Guarding Against A Ransomware Attack

    1. Know your agency’s position on paying the ransom.

      Payments for ransoms are typically demanded in some form of cryptocurrency such as bitcoin or monero. This can raise logistical issues if you are unfamiliar with the lingo, how to purchase bitcoins or do not have a free computer available. Learn how to navigate those waters up front. Most important, have a thoughtful dialogue today to decide upon an approach in the event of a ransomware attack. If you decide to pay the ransom, like the City Council in Florida agreed to do as recommended by its insurance company, remember that paying the ransom does not guarantee success. History is littered with examples of paid ransoms without the expected results.  If the computer systems are returned, they would be in the same state as before becoming infected. They could still be under the control of the attacker or vulnerable for another attack. Additional expenditures would need to be made to guarantee restoration of the systems to a good state without the risk of re-infection by the same or different attacker. 

      Finally, paying the ransom could encourage future attacks on more victims, especially if victims continue paying the larger payments.  However, paying the ransom may be the fastest way to restore services that were degraded or nonexistent during the attack.  The discussions are complex and can take time to come to a resolution, so it’s important to have these conversations proactively.

    2. Deploy a next-generation, anti-malware solution.

      We’ve seen that traditional, signature-based anti-malware approaches don’t adequately protect governments against ransomware.  Look for a solution that can detect current vectors of attack and offer timely alerts. Presently, the most common technique used is the execution of the PowerShell automation platform and scripting language from Word documents and other launch vectors used by attackers. We’ve found that behavior-based approaches that don’t depend upon signatures are most effective as a detection and/or deterrent to ransomware attacks.

    3. Invest in a comprehensive backup solution that includes versioning and point-in-time restoration.

      It’s wise to test the restoration of your backups as well as back up the data itself. That’s because, currently, attackers are going after encrypted backups. Or, the attackers will wait until the backups roll over and are backing up encrypted data before they engage.  The backup solution you find needs to support multiple versions and restoration from a point-in-time. It’s not enough to only have a seven-day rotational backup schedule.

    4. Consider “Ransomware-as-a-Service (RaaS)” which is available for purchase on the Dark Web.

      RaaS borrows from the Software-as-a-Service (SaaS) nomenclature by empowering malevolent parties who would normally lack the skills to execute a successful attack. This subscription-based solution leverages the asynchronous nature of cyber attacks, costing governments more to defend than paying for each attack. This is an emerging market, and new variants are constantly built as promising vulnerabilities are discovered. These RaaS “plans” offer graduated payments based upon the size of the ransomware campaign or  overall income produced.  Some services even offer fully staffed help desks with detailed instructions and how-to guides to guide victims through the process of paying the ransom.

    5. End users are your first line of defense.

      Perhaps the most effective way to protect against ransomware is thorough end-user training. Since attacks tend to begin through a malicious email received by end users, training those end users to protect themselves is an excellent mandatory requirement and best practice that, in the long run, will pay dividends for government agencies.

    President John F. Kennedy famously said, “The best time to repair the roof is when the sun is shining.” It’s easy for some municipalities to lull themselves into a false sense of security, thinking that, while prevalent these days, a ransomware attack just won’t happen to them.  They are too small to attract an attacker, so preparing to defend against cyberattacks can wait, or so the thinking goes. Our best advice: don’t fall for the idea that size matters. Look through the five steps listed above and talk them over with your friends in government.  There’s nothing like doing your best to prepare for the worst.

    For more information about NIC’s suite of information security solutions, contact Corporate Communications at or go to

    Jayne Friedland Holland is the chief security officer and an executive officer at NIC Inc. (Nasdaq: EGOV), the nation’s premier provider of innovative digital government and secure payment processing solutions for more than 6,000 local, state and federal agencies across the United States. More information about NIC is available at

    Add Your Comment


    Leave a comment