Deterring ransomware for state and local government


According to FBI Director Christopher Wray, when it comes to ransomware disruption and prevention, “…there’s a shared responsibility, not just across government agencies but across the private sector and even the average American.” At Elastic, we’re here to help state and local governments.

Ransomware attacks cost the U.S. government more than $18.9 billion in 2020 alone. By taking a proactive security approach, state and local IT teams can make damage from ransomware a thing of the past.

But where should state and local IT administrators and analysts start, especially when there are resource constraints and competing priorities? At Elastic, we believe there are two proactive techniques that should be part of every state and local government’s cybersecurity posture in order to stop ransomware attacks before they spread to data centers.

Early warning canary-based detections

Canary-based detection places hidden canary files at key system locations. Because no legitimate user or process should ever touch these decoys, any change to them gives IT teams a high-confidence early warning of suspected ransomware tampering. This advanced technique stops ransomware on Windows and defends organizations from opportunistic adversaries like DarkSide and REvil.

Canary-based detection is a critical layer of anti-ransomware protection available on the Elastic Agent in our Elastic Security 7.14 release. It complements behavioral ransomware protection, anti-malware, and Master Boot Record protections. As ransomware attacks become more advanced and numerous, Elastic Security research engineers continue developing new advanced protections like this to fight fire with fire.
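To make the canary idea concrete, here is a minimal canary-file tripwire written as an added example for this post; it is not Elastic Agent’s implementation. It seeds one random-content decoy per watched directory, records a SHA-256 fingerprint for each in a manifest kept outside the watched directories, and on a later sweep reports any decoy that was modified, deleted, or renamed, which is exactly the signal an encryption pass would produce. The decoy filename, directory names, and the `run_demo` harness (which uses temporary directories and constructed tampering) are assumptions for illustration.

```python
"""Added example: a minimal canary-file tripwire (not Elastic's own code).

Decoy files are seeded in watched directories and fingerprinted; a later
sweep reports any canary that was modified, deleted or renamed. Paths and
the decoy filename below are assumptions chosen for illustration.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Hypothetical decoy name: sorts early in a directory listing and looks like
# an ordinary office document, so an indiscriminate encrypter hits it first.
CANARY_NAME = "~$finance_q3_backup.docx"


def _fingerprint(data: bytes) -> str:
    """SHA-256 hex digest used as the canary's recorded identity."""
    return hashlib.sha256(data).hexdigest()


def seed_canaries(directories, manifest_path):
    """Write one random-content decoy per directory and record its hash.

    Random content means nobody can recreate a canary byte-for-byte after
    touching it. The manifest is stored outside the watched directories so
    that tampering with the decoys cannot also rewrite the expected hashes.
    """
    manifest = {}
    for directory in directories:
        canary = Path(directory) / CANARY_NAME
        content = os.urandom(4096)
        canary.write_bytes(content)
        manifest[str(canary)] = _fingerprint(content)
    Path(manifest_path).write_text(json.dumps(manifest, indent=2))
    return manifest


def check_canaries(manifest):
    """Return a list of (path, reason) for every canary that no longer matches."""
    alerts = []
    for path_str, expected in manifest.items():
        canary = Path(path_str)
        if not canary.exists():
            # Deleted, or renamed (for example with a new extension appended).
            alerts.append((path_str, "missing"))
            continue
        if _fingerprint(canary.read_bytes()) != expected:
            # Contents changed in place: the decoy has been overwritten.
            alerts.append((path_str, "modified"))
    return alerts


def run_demo():
    """Seed canaries in two temp dirs, simulate tampering, return both sweeps."""
    with tempfile.TemporaryDirectory() as root:
        dirs = [Path(root) / "Documents", Path(root) / "Shared"]
        for d in dirs:
            d.mkdir()
        manifest_file = Path(root) / "canary-manifest.json"
        manifest = seed_canaries(dirs, manifest_file)
        clean = check_canaries(manifest)  # expect no alerts right after seeding

        # Constructed tampering for the demo: overwrite one decoy, rename the other.
        (dirs[0] / CANARY_NAME).write_bytes(b"not the original content")
        (dirs[1] / CANARY_NAME).rename(dirs[1] / (CANARY_NAME + ".locked"))
        tampered = check_canaries(manifest)
    return {"clean": clean, "tampered": sorted(reason for _, reason in tampered)}


if __name__ == "__main__":
    print(run_demo())
```

In a real deployment the sweep would run continuously (or be driven by file-system change notifications) and the alert would feed a SIEM rule that isolates the host, since a single canary hit is high-confidence by construction.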

Searchable snapshots, spotting malicious activity with older data

What happens if a ransomware attack has taken a hidden foothold on a system, and perpetrators are picking their moment to extort the organization? In this case, it is best to have access to older data so that comparisons can be made between past and current activity to spot anomalies or malicious activity before it spreads throughout a data center. The same is true for malware that may be residing on a system.

Elastic’s searchable snapshot feature lets state and local agencies retain large data volumes for years in a format that’s immediately searchable and cost effective. There is no need to go through the time-consuming or costly process of rehydrating old or migrated data. Instead, data is immediately available for audit or investigative purposes. The ability to look back at older data is essential to a proactive defense-in-depth approach.
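The way this lookback is normally put in place is an index lifecycle management (ILM) policy whose cold and frozen phases mount indices from a snapshot repository as searchable snapshots, and whose delete phase does not fire until the required retention has passed. The following is an added example, not Elastic’s own code: it builds such a policy body (the JSON you would send with `PUT _ilm/policy/<name>`) and sanity-checks it against a required lookback window. The repository name `agency-archive`, the phase ages, and the `check_policy` helper are assumptions for illustration.

```python
"""Added example: build and sanity-check an ILM policy that tiers indices
into searchable snapshots (illustrative, not Elastic's own code).
The repository name and phase ages are assumptions."""
import re

# Assumed name of a snapshot repository already registered on the cluster.
SNAPSHOT_REPO = "agency-archive"


def build_policy(repo=SNAPSHOT_REPO, cold_after="30d", frozen_after="90d",
                 delete_after="1825d", use_searchable_snapshot=True):
    """Return the request body for PUT _ilm/policy/<name>.

    Hot data rolls over by age or size. With use_searchable_snapshot=True the
    cold and frozen phases mount the index from the repository, so it stays
    queryable without a restore; with False (the weak variant) the policy
    simply keeps the index hot until the delete phase removes it.
    """
    phases = {
        "hot": {"actions": {"rollover": {"max_age": "7d",
                                         "max_primary_shard_size": "50gb"}}},
        "delete": {"min_age": delete_after, "actions": {"delete": {}}},
    }
    if use_searchable_snapshot:
        mount = {"searchable_snapshot": {"snapshot_repository": repo}}
        phases["cold"] = {"min_age": cold_after, "actions": dict(mount)}
        phases["frozen"] = {"min_age": frozen_after, "actions": dict(mount)}
    return {"policy": {"phases": phases}}


def age_to_days(value):
    """Parse an ILM min_age such as '90d' (days only, for this example)."""
    match = re.fullmatch(r"(\d+)d", value)
    if not match:
        raise ValueError(f"unsupported min_age {value!r}; use days, e.g. '90d'")
    return int(match.group(1))


def check_policy(policy, required_lookback_days):
    """Return a list of problems; empty means the policy covers the lookback."""
    phases = policy["policy"]["phases"]
    problems = []

    # Phases must be reached in order; a later phase cannot start earlier.
    previous = -1
    for name in ("hot", "warm", "cold", "frozen", "delete"):
        if name not in phases:
            continue
        age = age_to_days(phases[name].get("min_age", "0d"))
        if age < previous:
            problems.append(f"{name} min_age {age}d precedes the prior phase")
        previous = age

    # Data must survive at least as long as investigators need to look back.
    if "delete" in phases:
        delete_age = age_to_days(phases["delete"]["min_age"])
        if delete_age < required_lookback_days:
            problems.append(f"data deleted after {delete_age}d, "
                            f"lookback needs {required_lookback_days}d")

    # Old data should be mounted as a searchable snapshot, not parked for restore.
    mounted = [n for n in ("cold", "frozen")
               if n in phases and "searchable_snapshot" in phases[n]["actions"]]
    if not mounted:
        problems.append("no phase mounts a searchable snapshot; "
                        "old data would need restoring before a search")
    return problems


if __name__ == "__main__":
    import json
    print(json.dumps(build_policy(), indent=2))
    print(check_policy(build_policy(), 365))
    print(check_policy(build_policy(delete_after="90d",
                                    use_searchable_snapshot=False), 365))
```

The check encodes the point of the paragraph above: a retention policy that deletes at 90 days, or that never mounts a searchable snapshot, leaves an investigator unable to compare current activity with last year’s without a costly restore.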

Searchable snapshots increase lookback duration for hunting, investigation, and compliance, and provide an affordable security solution for state and local government.

Enact defense in depth in your agency

Due to the nature of a hyper-digital world, cyber attacks have become more aggressive. To thwart attackers, state and local agencies must enact a defense-in-depth approach. To get started, visit elastic.co/industries/public-sector/state-and-local or email: [email protected].
Source: Elastic