Tribal Ransomware Attack

In December 2019, a Native American tribe declared a state of emergency when they were forced to proactively shut down Tribal systems in order to contain a ransomware attack.

Initially, this attack appeared to be an insider threat: it originated internally when an employee logged into the travel network and deployed the ransomware that infected all Tribal systems.

A few days later, an investigation confirmed that the attack was an inside job perpetrated by a Tribal member and former IT employee, who was then charged with felony tampering with public records and felony obstructing government functions.

This incident raises concerns about your own systems and their vulnerability to insider threats and ransomware. Tribes are especially vulnerable, as they often operate multimillion-dollar enterprises and manage economies that rival those of foreign nations. Even Tribes that don’t operate on that scale need to be cognizant of these risks and prepare for the potential threats.

Prevention is a strong part of any strategy.

In order to help prevent insider threats, here are five tips:

  1. Know and protect your critical assets.
  2. Develop a formalized insider threat program.
  3. Clearly document and consistently enforce policies and controls.
  4. Deploy solutions for monitoring employee actions and correlating information from multiple data sources.
  5. Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees.

In order to help prevent ransomware attacks, here are five tips:

  1. Do not pay the ransom.
  2. Ensure you have backups that are tested regularly and sent offsite.
  3. Establish a cybersecurity training program that trains your employees how to identify phishing and social engineering tactics.
  4. Use reputable antivirus software and firewalls.
  5. Ensure all software is kept up to date.

MGO Technology Group recommends a multi-layered security approach and has a dedicated team of cyber and information security professionals that can create a custom program for small or large tribes to improve your security posture.

Definitions

An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.