A federal cybersecurity agency and state government associations issued guidance Monday on protecting city, county and state governments from the growing threat of a ransomware attack.
A coalition of state government associations and federal cybersecurity agencies Monday urged state and local governments to take preventative action to protect their information technology systems from ransomware attacks.
Ransomware attacks have wreaked havoc on American cities small and large in recent years, costing municipalities millions in damage, ransom fees, and lost revenues.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Multi-State Information Sharing and Analysis Center, the National Governors Association, and the National Association of State Chief Information Officers issued the guidance. They say local governments can take three steps to improve resilience against ransomware:
- Regularly back-up all critical agency systems and store the back-ups offline.
- Reinforce basic cybersecurity awareness among employees and remind them how to report incidents.
- Revisit and refine cyber incident response plans, as well as have a clear plan in place to address a cyberattack when it occurs.
“Through this collective action, we can better protect ourselves and our communities, and further advance the cyber preparedness and resilience of the nation,” the groups said in a statement.
One ransomware attack on Baltimore this year is expected to cost the city $18 million. Earlier this year, two Florida cities paid hundreds of thousands of dollars in ransom fees in efforts to recover their data. At least 170 city, county or state governments have experienced a ransomware attack since 2013, according to the U.S. Conference of Mayors, which this month adopted a resolution opposing ransomware payments.
“The growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries,” the groups said. “Prevention is the most effective defense against ransomware.”