The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

U.S. Wary of a Ransomware Attack Against 2020 Election

by Chris Brook on Tuesday August 27, 2019

Contact Us
Free Demo
Chat

A report Monday confirmed that the U.S. government is concerned about foreign hackers spreading ransomware that can manipulate voter databases ahead of next year's election..

Fearing the repercussions of a ransomware attack against the next year's presidential election, U.S. officials are reportedly prepping a program that will better safeguard voter registration databases and systems in the months leading up to next year's election.

The Department of Homeland Security's Cybersecurity Infrastructure Security Agency (CISA) is readying a program to spread awareness on such attacks.

According to Reuters, which broke news on the program Monday afternoon, government officials are concerned that foreign hackers will target voter databases - like Russian hackers successfully did in 2016 - but also that they'll try to "manipulate, disrupt or destroy the data," as well.

While the specifics of the program aren't yet known, it sounds as if it will rely heavily on the participation of state election officials. CISA will ensure officials are aware of ransomware prevention best practices, that includes providing them with education materials, remote computer penetration testing, and vulnerability scans.

“Recent history has shown that state and county governments and those who support them are targets for ransomware attacks. That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks,” Christopher Krebs, CISA’s director told the publication on Monday.

One thing the guidance won't do, per Reuters, is direct victims to either pay or not pay the ransom if they're ultimately hit by the malware.

The FBI has had a checkered history with this regard. Its most recent stance, made more clear in an FBI podcast last week, urged victims not to pay the ransom, stressing it could further encourage criminal activity.

"There was an example where a company paid the ransom, and the bad actors provided a ransomware key, but instead of unlocking that company’s data it, actually erased all that company’s data. These are fairly rare instances, but there is a risk there... " Section Chief Herbert Stapleton, of the FBI's Cyber Division, told Mollie Halpern, the head of the FBI's Office of Public Affairs.

“It really just encourages and facilitates further criminal activity. They basically will continue to attack as long as it’s profitable for them. So, continuing to contribute to that profitability just encourages more ransomware attempts.”

While it remains to be seen what the scope is and how comprehensive CISA's program may be, few could argue it's not necessary. Ransomware attacks are nothing new but they've especially tested the resolve of U.S. cities this year.

This month alone has seen a slew of attacks against municipalities in Texas, 22 in total. There were also attacks that took aim at the networks of the city of Baltimore, Albany, Lake City, Fla., and the Administrative Office of the Georgia Courts over the past several months. These of course followed up a massive ransomware attack in Atlanta last year that rendered municipal operations useless and cost the city upwards of $2.7 million to recover.

Tags: Ransomware

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.