RSA Conference Preview: How Local Governments Can Fight Ransomware

Ransomware is a growing problem. Just consider a few facts:

• The average ransomware breach costs $4.52 million in damages and resolution costs.
• The number of reported ransomware incidents grew 37% year-over-year, and the costs from an incident increased 147%.
• A ransomware attack occurs every 11 seconds, and ransomware was projected to cause $20 billion in global damages in 2021.

Ransomware is also everyone’s problem. In recent years, groups in every sector have experienced high-profile ransomware breaches — and that includes the public sector.

In 2019, the City of Baltimore suffered a ransomware attack that cost it more than $18 million and forced it to suspend municipal services. And — unfortunately — this was not an isolated incident but further evidence of a growing threat.

On March 30, 2022, the FBI released a notification that ransomware attacks are straining local US governments and other public sector entities. The notification highlighted multiple instances where ransomware closed public offices, took systems and services offline, and led to gigabytes of data being stolen.

Thankfully, ransomware is not an unstoppable force. Local governments can build effective defenses that reduce the risk and impact of ransomware breaches. And in this blog, we’ll help you do just that. To do so, we’ll walk you through:

• How our public sector forum at RSA can help you overcome ransomware
• What steps you can take today to start building ransomware defense
• How Tanium can help you quickly bring this framework to life

How the RSA conference can help you fight ransomware

The RSA Conference has been the world’s leading cybersecurity event for many years. It offers a wide range of opportunities to learn about cybersecurity best practices, demo next-generation security products, and network with peers in the industry and vendors and partners whom you might want to work with.

The 2022 RSA Conference is occurring from June 6 – June 9. The live event will be held at the Moscone Center, but attendees can also attend many of the conferences’ events remotely through their digital access option.

This year’s conference will span many different topics, with dozens of sessions focused on how to fight ransomware and a full day devoted to the public sector.

We consider RSA one of the most important annual events for the cybersecurity community, and we are proud to sponsor and contribute to this year’s conference. We are platinum sponsors for Public Sector Day and will be present throughout, including as co-sponsors of the June 7 vArmour concert and of the June 8 Optiv cocktail reception. We would love to see you there if you are attending either.

In addition, we are hosting a panel that will help local governments fight ransomware. It’s happening on Public Sector Day, June 6, from 12:50 – 1:25 pm, and it is titled Ransomware: Engage Elected Officials Before the Incident.

Here’s what you’ll learn during the panel.

Learn how to stop ransomware at our public sector forum

In this panel, we’ll talk about one of the big challenges that public officials face. You know that fighting ransomware is important, but it’s hard to prioritize building up your cybersecurity. You have so many competing priorities to deal with every day that you never seem to get the chance to improve your defenses… until it’s too late, and you’ve already suffered an incident.

We’re hosting this panel to help you avoid this common situation, and to develop what you need to build effective ransomware defenses before you get hit. To do so, this panel will discuss:

• The risks that a ransomware attack can pose to a local government
• What you can do to limit the impact of a ransomware attack you might suffer
• How you can engage with elected officials to build these ransomware defenses before you suffer an incident

Our panel will be moderated by Chris Cruz, who is one of our experts on how to defend the public sector against attacks like ransomware. Cruz will lead a panel of cybersecurity leaders in local government, including Michael Makstman (CISO for the City & County of San Francisco) and Greg McCarthy (CISO for the city of Boston).

We know this panel will help you design and get the green light for an effective anti-ransomware security program, and we hope to see you there.

But for a taste of some of the anti-ransomware techniques we may discuss, and for an idea of what you can do to improve your defenses starting today, read on.

A practical framework to fight ransomware

Ransomware is a complex, multifaceted attack pattern. It begins long before the attacker sends a ransom note and can continue long after the victim either pays the ransom or attempts to evict the attacker.

To fight ransomware, you must build a defense that is just as complex and multifaceted as the attack itself. You must deploy a wide range of defensive capabilities at every stage of the attacker’s campaign.

Here’s a practical framework that outlines some of the main capabilities and steps required to fight ransomware. This overview will give you a good idea of what it really takes to effectively fight ransomware before, during, and after an attack.

Before the attack, the attacker develops intelligence, control, and leverage to put you into a challenging position. To prevent this, you must raise the barrier of entry into your network. Specifically, you must:

• Establish continuous visibility into your endpoints and their activities
• Remove known vulnerabilities on your assets through strong cyber hygiene
• Proactively hunt for indicators of compromise (IOCs) that suggest an undetected attack is in progress

During the attack, the attacker creates as many problems for you as possible before they send the ransom note. To fight them, you must remediate the attack and evict the attacker as quickly as possible. Specifically, you must:

• Uncover the attack’s root cause, lateral spread, and compromised assets
• Close other vulnerabilities in your environment to contain the attack’s spread
• Evict attackers and regain control of your systems without significant data loss

After the attack, the attacker may launch additional attacks, either from a hidden remaining foothold or from a new breach. To stop them, you must harden your environment against the attacker. Specifically, you must:

• Find and close remaining instances of the vulnerabilities the attack exploited
• Find any remaining foothold the attackers might still have and evict them
• Continuously improve the overall health and security of your environment

In sum: There is no “silver bullet” to fighting ransomware. However, the steps you must take are all relatively simple — especially when you deploy the right tools.

How to use Tanium to fight ransomware

At Tanium, we provide a converged endpoint management platform. Our platform provides real-time visibility and control over endpoints across modern distributed networks and fits neatly into a broader security strategy and larger ecosystem of anti-ransomware tools.

On its own, Tanium can help you fight ransomware at every stage of an attack.

Before the attack, Tanium creates near-perfect cyber hygiene that reduces your attack surface, reduces the chance of suffering a breach, and limits the potential spread of any ransomware attack that you experience. With Tanium, you can:

• Create a comprehensive, real-time inventory of your endpoints
• Patch, update, configure and control your endpoints in hours or days
• Perform continuous scans and real-time spot searches for specific IOCs

During the attack, Tanium can investigate incidents in near real-time, and rapidly apply controls to evict the attacker. With Tanium, you can:

• Map the entire attack chain and identify which assets were compromised
• Identify other assets vulnerable to the attack and proactively harden them
• Confidently negotiate, knowing you can evict the attacker without compromise

After the attack, Tanium can learn from the attack and harden the environment against a second strike or a similar attack pattern. With Tanium, you can:

• Find and close remaining instances of the vulnerabilities the attack exploited
• Scan for remaining traces of the attackers and confidently evict them in full
• Improve your fundamental cyber hygiene to reduce the chance of any breach

In sum: While there’s no silver bullet to stopping ransomware, Tanium gives you a comprehensive solution that can dramatically improve your defenses in record time.

Let’s fight ransomware together

Ransomware is not going away. You must build an effective defense against this growing threat today. To do so, take the next step to secure your network.

Register: If you are attending RSA, click here to register for our event.

Learn More: Read our comprehensive eBook on how to stop ransomware.

Explore Tanium: Reach out for a 1-on-1 consult and demo of our platform.