On a daily basis, news outlets report on high-profile ransomware attacks, typically involving large enterprises — the kind of entities ransomware attackers can target for big scores. While these cases can be alarming, especially when they involve millions of dollars, they don’t tend to impact the lives of most people outside the targeted organization. Unfortunately, ransomware attackers are increasingly turning to targets that are often far more vulnerable — and far more dangerous: government entities.
CNN reports on two recent examples of ransomware targeting government entities in Albuquerque, New Mexico. The city’s public school system, including 144 schools that serve a quarter of the state’s public school students, was forced to close for two days because of a Jan. 5 attack on systems that “could impact teaching, learning, and student safety,” CNN reported.
In the meantime, CNN reports, another ransomware attack was launched on Bernalillo County, home to Albuquerque. In this instance, county residents weren’t able to file mortgages, according to the New Mexico Association of Realtors. More alarming, Bernalillo County’s jail experienced outages that took down the facility’s security cameras and other technology, forcing a temporary lockdown. The hack also included the breach of an inmate incident report database.
The two Albuquerque ransomware attacks proved more disruptive than imminently dangerous, but ransomware attackers can pose serious risk to hospital systems, 911 dispatch centers, power grids, and other essential governmental services. So-called “killware” targets the real-life health of victims — an issue the Department of Homeland Security has identified as the “next breakout Cybersecurity threat.”
Ransomware attackers often find government networks to be lucrative sitting targets that are largely left unprotected against modern threats. As CNN reports, state and local governments tend to lack enough money and personnel to effectively mitigate these threats. A 2019 attack on the city of Baltimore took down the city’s water-billing processing capabilities for more than three months, according to The Baltimore Sun. Ultimately, the city predicts, it will cost at least $18 million to clean up the mess left behind.
MixMode vs. Ransomware
No tool can entirely prevent ransomware, but MixMode is a powerful weapon in the enterprise cybersecurity arsenal. The platform employs advanced, third-wave AI to analyze data streams within and across every network entry point, establishing a generative baseline of expected network behavior as it evolves. SOCs equipped with MixMode gain insight into granular details like what users are clicking on, whether firewalls are performing adequately, and the effectiveness of newly installed security fixes.
Unlike legacy platforms, MixMode examines intercommunication and incorporates these behaviors into its continually evolving baseline, allowing it to identify attacks as soon as observed behavior deviates from that baseline. The platform is capable of identifying attacks like the headline-making Colonial Pipeline ransomware attack, which took down the largest fuel pipeline in the U.S. and led to gas shortages across the East Coast. Security teams were left almost completely in the dark about the genesis of the attack, including how and where it was happening, leading to a complete “denial of services” to their fundamental operations technology.
In real time, MixMode can detect even seemingly small deviations from expected network behavior, such as unusual email activity and embedded attachments, and report them for further evaluation. Retroactive log-based solutions like SIEM are no match for modern ransomware attackers. Instead of waiting for an infection to spread far enough to be detected and alerted on — a process that can take days or weeks — MixMode delivers alerts within minutes.