Ransomware Attacks Massively Target Local Gov

Ransomware attacks massively target local governments. Here’s what you need to know about it.

In June 2019, the city council of Riviera Beach, Florida decided to pay almost $600,000 in ransom to recover the city’s networks and data following a ransomware attack. How did it happen? An employee of the local police department opened a malicious email containing malware. The malware then spread through the municipal government’s network, shutting down the city’s online portals, including government employees’ email and the ability to make online payments. The city’s 911 dispatch systems were also affected, forcing employees to record caller information on paper. The city council voted for the ransom to be paid by its insurer. The city then received a decryption key and was able to restore its compromised networks and systems.

Similarly, Lake City, Stuart, Fort Lauderdale, and Pensacola – all in Florida – suffered large ransomware attacks. Research shows that in 2020, ransomware attacks on government bodies ended up costing $18.9 billion.

These incidents emphasize the imminent threat of ransomware to local governments. Here, we will talk about why local governments are highly targeted by ransomware and how to minimize risks and maximize protection through efficient cybersecurity practices.

Why are local governments such alluring targets for ransomware attacks?

Ransomware attacks have been on the rise for years. The pandemic – due to the increased demand for remote access solutions and the failure by many organizations to prioritize cybersecurity – has only exacerbated the problem. Local governments are particularly vulnerable.

  • Government systems store large amounts of private, sensitive, and classified data on their citizens. This makes them very attractive targets to cybercriminals.  
  • Ransomware attacks can have a profound effect on the operational capabilities of a local government and its entities, shutting down important systems and portals for weeks and causing substantial financial damage. The cost of downtime can often exceed the cost of the ransom. Cybercriminals use this vulnerability to their advantage and target victims that are more likely to pay the ransom.
  • Local governments tend to have tighter budget constraints than private entities, meaning they can’t afford to invest heavily in their cybersecurity. Without adequate cybersecurity solutions, their networks are more likely to have vulnerabilities that threat actors can exploit.
  • The use of outdated and obsolete systems and software, together with the failure to apply current security patches, presents a huge risk to local governments and makes them highly susceptible to ransomware attacks.

What can be done to improve cybersecurity? 

1. Educate your employees about various methods through which ransomware attacks can be launched – social engineering being the big one. Conduct regular training to ensure they are aware of the cybersafety protocols to be followed.

2. Implement security controls like antivirus, antimalware, firewalls, encryption, and multi-factor authentication to ensure that all municipal devices are secure from security breaches.

3. Update all software, applications, and programs to the latest versions to eliminate vulnerabilities that attackers could use to their advantage. Employ endpoint security programs and solutions for added protection on government devices.

4. Government networks and systems contain a lot of critical and personal data. This data should be stored on secure platforms, with access limited to trusted employees. Additionally, consider moving data storage from your local systems to a secure cloud platform.

5. Regularly back up government files and systems to an alternate and secure location. This practice helps to restore operations quickly in the event of a data breach. Offline backups that are disconnected from your network are the safest way to maintain access to data.

6. Carefully monitor user activity on all systems and networks to ensure that there is no suspicious activity.

7. Regularly audit all systems for vulnerabilities.  

8. Since local governments are a major target for cybercriminals, invest in a strong cyber insurance policy to cover any liabilities in the event of a security breach.

How to respond to a ransomware attack

The FBI strongly discourages organizations from paying a ransom. Government agencies’ cybersecurity reporting is guided by federal and state laws. For example, Florida’s Cybersecurity and Data Breach Law requires certain disclosures to be made when data containing personal information has been breached or accessed without authorization.

While many local governments have decided in the past to pay the ransom, this may soon no longer be an option, as the federal government is looking into the possibility of making it illegal to make or facilitate such payments.

To limit the damage caused by ransomware, isolate the impacted systems. Disconnect your backup system from the network immediately. Temporarily block users’ and employees’ access to the network. If you don’t have the know-how to execute these procedures correctly and safely in-house, contact a reliable cybersecurity firm, such as Gamma Defense.

Most importantly, do not panic. Follow your breach protocol, and coordinate with the relevant authorities and cybersecurity agencies.