Tips for Preventing and Addressing Ransomware Attacks at Your Government or Casino

Frederick K. Taylor | Partner | fred.taylor@procopio.com

Ransomware is a particularly nasty breed of malicious software which, once downloaded and executed, will encrypt files and bar access to a wide array of computer systems. Tribal entities can be particularly attractive targets for ransomware attacks because of their operations of both governmental entities and casino operations.

In March 2018, the City of Atlanta was hit by a ransomware attack that seized its digital infrastructure and ground vital services to a halt. The court systems, water department and police department were all impacted. Police officers had to file paper reports for days after the initial attack. The attackers initially demanded over $50,000 in Bitcoin payments. The city refused to pay the ransom, but eventually paid over $6 million for recovery and upgrade costs, and may eventually have spent over $17 million.

Earlier this year, slot machines at several casinos from Louisiana to Oklahoma appear to have been the target of possible ransomware attacks that also showed that the attackers had access to a wide range of their operations. A computer analyst stated to Computer Business Review magazine that “[i]f someone wants to hack a casino, it’s surprisingly easy. . . they don’t segregate their networks properly, you’ll be able to interact with all kinds of machines, from the slot machines to even the card shufflers and camera systems.”

Accordingly, it is especially important for Tribal entities to protect and prepare themselves for such attacks. Here are a few things that can be done on the front end to prevent such attacks:

• Keep all operating systems and programs up-to-date (especially making sure that the latest security patches are installed).
• Back up data in a secure and recoverable manner (and stress test the backups to ensure that you can retrieve your data!).
• Limit access to sensitive data to employees for whom access is critical to operations
• Perform cybersecurity review and risk assessments, including penetration testing every six months.
• Evaluate what systems are most critical to protect from distributed denial of service attacks (DDoS).
• Train employees on security awareness stressing the importance of strong passwords and avoiding clicking on attachments/links in emails.
• Establish relationships with cybersecurity lawyers and local law enforcement cybersecurity divisions.
• Speak with your insurance broker about whether cybersecurity and ransomware attacks are appropriately covered.

If your organization is unfortunate and is hit with a ransomware attack, here are some of the important things you’ll want to do:

• Contact law enforcement, your insurance broker, your cybersecurity counsel and a computer forensics consultant.
• Secure your backup data and make sure it has not been compromised; you can then consider taking your backup data offline to ensure its safety.
• Determine the extent of the intrusion and isolate the data that has been impacted.
• Require “proof of life”; you want to ensure that the attacker actually has the ability to retrieve your data. In many cases, attackers have acquired a piece of ransomware that they don’t know how to operate.
• Hire an experienced ransomware negotiator if necessary to navigate through the possibility and execution of paying the ransom; you should also be consulting with your insurance broker, counsel and law enforcement in this process

Overall, the best offense is a good defense. With proper planning upfront, you can greatly reduce the probability of a ransomware attack. But, if you are attacked, remain calm and implement a plan which considers the tips mentioned above.

 

Frederick K. Taylor is a Co-Leader of Procopio’s Privacy and Cybersecurity practice group and a member of its Native American Law practice group. Fred represents clients in a wide variety of industries including high technology, Internet and electronic commerce, financial institutions, chemical companies, public entities and Native American tribes. His practice focuses on litigation in the areas of intellectual property, financial institutions, complex commercial disputes, environment enforcement defense and Native American issues. He can be reached at 619.515.3279 or at fred.taylor@procopio.com.