Election Security Spotlight – Ransomware

What it is

Ransomware is a type of malware (malicious software) that blocks access to a, system, device, or file until a ransom is paid. Malicious actors use ransomware to either encrypt files (crypto ransomware), erase files (wiper ransomware), or lock systems (locker ransomware) on an infected system or device. Ransomware holds infected systems or files hostage until the victim pays the ransom demand, typically in the form of cryptocurrency (e.g., Bitcoin) or gift cards. If the ransom is not paid, malicious actors may withhold decryption keys, permanently lock access to, or delete the files. Additionally, some ransomware variants spread to other devices and systems on the network, increasing the breadth of infection. Ransomware variants almost always opportunistically target victims, most commonly through malicious links in a spam email.

Why does it matter

A successful ransomware infection on elections infrastructure could result in the theft, irreversible encryption, or deletion of voter registration databases, vote tabulations, and other sensitive records. It could also prohibit legitimate access to elections systems during critical times of operation such as registration and candidate filing deadlines. Moreover, many ransomware variants display a graphic ransom note on the infected system which could be broadcast to the voting public or news of the infection could spread through other means, creating the perception that an election is compromised.

What you can do

Election officials should work with their technical staff to ensure the following key policies are in place to protect their networks against ransomware:

  • Keep your systems and defensive software patched;
  • Maintain up-to-date data backups which are stored offline and regularly tested to ensure they are complete and it is possible to reinstall from the backups;
  • Implement email filtering to identify suspicious emails;
  • Conduct regular end user awareness training on how to identify and respond to suspicious emails and ransomware infections.

The EI-ISAC Cybersecurity Spotlight is a practical explanation of a common cybersecurity concept, event, or practice and its application to Elections Infrastructure security. It is intended to provide EI-ISAC members with a working understanding of common technical topics in the cybersecurity industry. If you would like to request a specific term or practice that may be of interest to the elections community, please contact [email protected].