State and local governments increasingly targeted by ransomware attacks

More than 70 state and local governments were infected with ransomware in 2019, as targeted ransomware makes a comeback.

Ransomware: The new cost of doing business Atlanta's ransomware attack was just the beginning. Larry Dignan and Bill Detwiler explain why cyber-attacks are the new normal for business.

The frequency of targeted ransomware attacks against state and local government networks is increasing, with recent reports indicating 23 municipal governments in Texas were targeted with a coordinated campaign using the Sodinokibi ransomware package earlier this month, while Lake City, Florida paid nearly $500,000 in June following a ransomware attack, just a week after Riviera Beach, Florida paid more than $600,000 after officials concluded there was no other way to recover the city's files.

Researchers from Barracuda Networks have identified over 70 municipalities that have fallen victim to ransomware attacks so far this year, naming the Ryuk, SamSam, LockerGoga, and RobbinHood ransomware packages as being used frequently in campaigns against governments. "Email is the most common threat vector for these types of ransomware attacks," Fleming Shi, Barracuda chief technology officer, noted in a blog post, adding that "the blast radius can easily reach networks, applications, and a wide variety of sensitive and critical data."

SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)

In March, $400,000 was paid by Jackson County, Georgia to retain access to systems following a ransomware infection. Ransomware campaigns have also targeted governments outside the US. An attack in Johannesburg, South Africa, led to blackouts as the city-owned electric utility experienced outages as a result of the ransomware attack.

Recovery from ransomware attacks can be quite expensive—Baltimore was attacked in 2018, but paid no ransom. Recovery costs totalled $18 million, according to Barracuda. Likewise, officials in Lake City fired an IT employee following their ransom payment.

Barracuda advises organizations to employ spam filters and phishing-detection systems, as well as firewalls, IP blacklists, malware detection, and user-awareness training to avoid the potential of a ransomware outbreak, and also backups in the event of a ransomware attack. Likewise, the free No More Ransom project—an initiative started the National High Tech Crime Unit of the Netherlands' police force and Europol's European Cybercrime Centre, with cooperation from Kaspersky Lab, McAfee, Barracuda, and AWS—claims to have prevented "at least $108 million" in ransom from being paid to criminals, through the publication of free decryption tools for ransomware victims.

For more, check out "Cybercrime: Ransomware attacks have more than doubled this year" and "Ransomware attacks: Why and when it makes sense to pay the ransom" at ZDNet, and "Government website UX lags behind public sector, surprising nobody" at TechRepublic.

Also see

Portrait of amazed man with laptop computer. Digital glitch effect added

Image: Getty Images/iStockphoto