- Ransomware attacks against state and local governments are on the rise, according to a report from cybersecurity company Recorded Future. The report found 46 publicly reported ransomware attacks in 2016, a number that dipped to 38 in 2017. But reported attacks jumped to 53 in 2018, and in the first few months of this year reports are already at 21. The numbers for last year and this year might go up because many local and state government attacks are acknowledged weeks or months after they occur; actual numbers likely are higher because government entities do not always publicly acknowledge an attack.
- Another key finding is that cyber crimes tend to be crimes of opportunity, meaning attackers stumble into a target and do not initially know they are targeting a state or local government. Once they realize who they're targeting, the attackers take advantage and go after the most sensitive data.
- Researchers found that state and local governments are less likely than other organizations to pay the ransom demanded by attackers. The analysis estimates that just over 17% of state and government entities pay a ransom and 70% confirm they do not, compared with the 45% of overall organizations that paid as found in another recent report by CyberEdge.
The report notes throughout that limited data influenced the findings, and so it relied heavily on media coverage to inform the conclusions about ransomware attacks on local and state governments. While that can offer insights to overall trends, the given numbers of attacks should not be considered a comprehensive view of the scope of the problem. The author also indicates that local and state governments' hesitance to publicly acknowledge ransomware attacks means they are likely highly underreported.
The report highlights a trend for more governmental ransomware attacks over the past four years, barring a dip in 2017. The security breaches are occurring against cities of all sizes with different types of networks. Baltimore acknowledged last week that it had been hit with an attack, and Akron, OH suffered one earlier this year that took down some systems during a snowstorm. The Port of San Diego was hit in the fall and last spring Atlanta sustained one of the largest and most widely reported governmental ransomware attacks in recent years.
The report's author stated surprise at the discovery that so few local and state governments pay the requested ransom. That topic came into play following Atlanta's attack last year, when it was revealed that the city did not pay attackers the demanded $51,000 ransom. However, the city paid about $2.7 million in recovery costs in the weeks immediately following the attack, and that likely rose in subsequent months. While on the surface that might not seem to make financial sense, using taxpayer funds to pay a ransom is a tricky situation for cities to grapple with, and most choose to take the risk of not giving in to attackers' demands.
As cities become more digital- and data-driven, their cybersecurity regimen needs to keep up to protect infrastructure and internal data, in addition to citizens' data. Figuring out how to do that can be daunting, but a number of guides exist to help cities with the process. For example, the EastWest Institute released a guide that explained cities need a cybersecurity strategy and continual attention to the matter to stay ahead of the risks.