Dive Brief:
- Ransomware attacks against state and local governments are on the rise, according to a report from cybersecurity company Recorded Future. Reported attacks jumped to 53 in 2018, and in the first few months of this year reports are at 21. There were 38 reported attacks in 2017.
- The numbers for last year and this year might go up because many local and state government attacks are acknowledged weeks or months after they occur; actual numbers likely are higher because government entities do not always publicly acknowledge an attack.
- Researchers found that state and local governments are less likely than other organizations to pay the ransom. The analysis estimates that just over 17% of state and government entities pay a ransom and 70% confirm they do not, compared with the 45% of overall organizations that paid as found in another recent report by CyberEdge.
Dive Insight:
Cybercrimes tend to be crimes of opportunity. Attackers stumble in and do not initially know they are targeting a state or local government. Once they realize who they're hitting, the attackers go after the most sensitive data.
The report's numbers of attacks should not be considered a comprehensive view. The author also indicates that local and state governments' hesitance to publicly acknowledge ransomware attacks means they are likely highly underreported.
The report highlights a trend for more governmental ransomware attacks over the past four years, barring a dip in 2017. The security breaches are occurring against cities of all sizes with different types of networks.
Baltimore acknowledged last week that it had been hit with an attack, and Akron, OH suffered one earlier this year that took down some systems during a snowstorm. The Port of San Diego was hit in the fall and last spring Atlanta sustained one of the largest and most widely reported governmental ransomware attacks in recent years.
The report's author stated surprise at the discovery that so few local and state governments pay the requested ransom. That topic came into play following Atlanta's attack last year, when it was revealed that the city did not pay the demanded $51,000.
However, the city paid about $2.7 million in recovery costs in the weeks immediately following the attack, and that likely rose in subsequent months. While on the surface that might not seem to make financial sense, using taxpayer funds to pay a ransom is a tricky situation for cities to grapple with, and most choose to take the risk of not giving in to demands.
The push for more digital- and data-driven cities means cybersecurity regimens will be relied on to protect infrastructure and internal data. Figuring out how to do that can be daunting, but a number of guides exist to help cities with the process. The EastWest Institute released a guide that explained cities need a cybersecurity strategy and continual attention to the matter to stay ahead of the risks.