When an emergency strikes, first responders’ instincts and training guide their reactions – but when it’s an emergency of the virtual kind, it can stop responders dead in their tracks. Emergency services across the United States have been learning this lesson the hard way after ransomware attacks crippled their infrastructure and, in many cases, left them unable to respond to 911 calls. Some commentators are describing it as an epidemic. In the first six months of 2019 alone, there have been 22 ransomware attacks on city, county, and state governments, according to the US Conference of Mayors. Ransomware attacks have struck agencies from Albany to Los Angeles and from Baltimore to Texas – in some cases, taking them off the grid. In this post we look at how first responders can avoid ransomware attacks directed against their mobile estate.
Ransomware disrupts 911 operations
At the Georgia State Patrol, the Georgia Capitol Police and the Georgia Motor Carrier Compliance Division, laptops in some police vehicles were taken offline. Last May, a ransomware infection disrupted 911 operations in Riviera Beach, Fla. Healthcare providers and hospitals have also come under attack, with some forced to suspend operations. A major hospital in the state of Georgia was among the recent victims.
For a city or state, the cost to remediate the damage from a ransomware attack can run to hundreds of thousands of dollars. For a county fire department, sheriff’s office, or ambulance crew, the disruption has a more immediate negative impact. Deprived of the ability to communicate using their digital tools, emergency responders are severely hampered in their ability to carry out their missions rapidly and effectively.
The risk to sensitive data
The nature of ransomware also poses a very real threat to potentially sensitive information, such as law enforcement data. Ransomware works by locking users out of their files, so they can’t access their data. Even paying the ransom, as some agencies have felt compelled to do, is no guarantee they’ll be able to retrieve their vital information, which could impede investigations.
Why is this happening now? Malicious actors target the weakest systems to increase their chances of success. Many government agencies may not historically have invested in sufficient levels of protection, which has left them open to infection and, consequently, more likely to pay the extortionists to remove the malware.
How a ransomware infection starts
Up to now, most ransomware attacks have targeted an agency’s main infrastructure, but it’s just a matter of time until criminals figure out a way to attack through insecure mobile devices, given the potential vulnerabilities, the risk of users unwittingly downloading a malicious file, and the inability of IT to manage and secure endpoint devices.
It’s essential that our first responders have a secure mobile internet experience. Equally, it’s important that if a device should become infected, IT administrators can identify rogue behavior and isolate the source to prevent a further spread. They also need to protect data from being encrypted by ransomware.
That’s where a solution like AccessMyLAN (AML) can help first responders avoid ransomware. It’s a mobility service that gives you full visibility, control, and proactive defense for all SIM-enabled devices. AML is a service embedded in the FirstNet Cellular Network. There’s no extra hardware required, time to pilot and roll out is short, and the service conforms to security industry best practices. It provides strong network data security and full visibility of traffic. This enables IT administrators to secure devices from non-task-related applications and cyber threats, and ensure first responders can efficiently and safely execute their duties.
In our next blog in this series, we’ll take a deeper dive into how you can maintain compliance with the appropriate standards using AML, which is FIPS and CJIS compliant.
Emergency services and first responders are increasingly looking to gain the benefits of digital technology – but this comes with a downside risk because it widens the potential attack surface for malicious actors. In-vehicle and on-person connected devices have become critical pieces of equipment in police cars, ambulances, and fire trucks. That’s why in this age of ransomware infections, it’s vital for IT administrators to secure, protect and manage these endpoints if they’re not to become ‘patient zero’ in a fresh outbreak.
To find out more, contact your AT&T FirstNet account manager.