7 Facts About Ransomware Attacks on Local Government
High-profile ransomware attacks on city and state governments have made national and international news in the past year. Many people are left wondering how serious the problem is—and what, if anything, can be done about it.
Here are 7 facts you need to know about this important issue:
It’s Happening Everywhere
While attacks on major cities like Baltimore and Atlanta tend to receive the most media attention, smaller municipalities are targeted by bad actors with equal frequency. The little towns of Wilmer, Texas (pop. < 5,000) and Lake City, Florida (pop. < 13,000) were both hit with crippling ransomware attacks in 2019.
It’s Not Just Disruptive. It’s Dangerous.
Ransomware attacks on businesses and schools disrupt operations and interfere with scheduled activities, inconveniencing customers, students, and families. But when the bad guys target cities and states, critical services can go offline—including 911 dispatch systems and other vital digital infrastructure.
It’s More Expensive Not To Pay
The perpetrators of the Baltimore and Atlanta attacks each demanded less than $100,000 in Bitcoin—which both cities refused to pay. But the costs of downtime and recovery in Baltimore are projected to run as high as $18 million, while Atlanta expects to lose up to $17 million due to their attack. As the financial effects of such attacks are so severe, some insurance companies are now offering ransomware coverage, offering to pay ransoms to hackers in the event of an attack. It’s perhaps unsurprising, then, that some smaller cities have opted to pay ransoms, even though this offers no guarantee of success (and further emboldens bad actors).
Local Governments Are Soft Targets
Unfortunately, one reason state and local governments are being attacked with increasing regularity is their relatively weak security protocols—and this is largely attributable to a lack of funding. With budgets already strained, and cybersecurity challenges increasing due to the adoption of IoT technologies in our nation’s cities, many observers have pointed out that cybersecurity funding is simply inadequate to address the situation. Another negative effect of a lack of funding is the inability to recruit trained personnel, which has created a serious skills shortage in the view of many state CISOs.
The Knowledge Gap is Real
Another problem facing governments is a lack of basic cybersecurity awareness training among non-technical employees. Many ransomware attacks are deployed via phishing or spear phishing attacks, which exploit people’s susceptibility to social engineering tactics along with a basic lack of cybersecurity knowledge. Other attacks take advantage of weak passwords or unpatched software: things which fall firmly in the realm of human error.
The Bad Guys Usually Get Away
Unfortunately, despite the increased attention given to ransomware attacks on governments, it can be extremely difficult to track down the perpetrators of these crimes. Many attacks are opportunistic in nature, often relying on automation to seek out and attack targets. The digital tools used by the bad actors are often purchased anonymously on the dark web: They are basically “off-the-shelf” malware, not necessarily created by the attackers themselves. All of this makes it very difficult to trace an attack back to a particular individual or group. While hackers are sometimes brought to justice (two Iranian nationals were indicted in the Atlanta attack), more often than not, the authorities never figure out who carried out the attack.
There is an Answer
Despite the severity and prevalence of the problem, there are steps that municipalities and states can take to keep themselves safe. First and foremost, a robust backup solution—ideally cloud-based and therefore off-site—is essential for mitigating the effects of a ransomware attack. Employee education, especially around topics like phishing awareness and a basic knowledge of how ransomware works, is an important key to preventing attacks in the first place. And lastly, an adequate IT budget is crucial in order for governments to hire well-trained personnel and give them the time, tools, and resources to secure networks and keep software updated.
Ransomware attacks on governments are a serious problem, and are likely to continue for the foreseeable future. But by taking this problem seriously, and ensuring that there is adequate cybersecurity funding in the budget, it is possible for local governments to protect themselves (and their citizens). As cities both large and small have already discovered, money spent on cybersecurity is a sound investment—since being caught off-guard by a ransomware attack can often cost far more in the long run.