Ransomware is one of the most predominant cybersecurity threats today, impacting a wide range of industries from healthcare to public safety. This type of cyberattack grinds an organization’s operations to a halt, costing significant time and money to address and leaving long-term ripple effects in its wake. Given the scale and severity of this threat, which can impact government entities at every level, it’s important to understand the risks your organization faces from ransomware and what you can do to prepare.
Here’s a look at what ransomware is, how it’s impacting local government, and why it’s so important to ensure your systems are fortified against cybersecurity threats.
What is ransomware?
Ransomware is a type of malware that hijacks your data and encrypts it, locking you out of accessing applications, files, databases, or even devices themselves until a ransom is paid to the bad actors. The ransom usually comes with a tight deadline, and the threat that if the money is not received, the data will be destroyed or irretrievable forever. In some cases, when the targeted data is particularly sensitive, cybercriminals may threaten to release the files onto the dark web instead of destroying them.
This malware is typically spread through phishing email attachments and moves quickly through a network to infect critical systems and information. Ransomware can also be spread through visiting infected websites or via messages on social media. The different types of ransomware are:
- Crypto ransomware: The malware encrypts data and demands a ransom to decrypt it.
- Locker ransomware: This version locks you out of your devices or system entirely, demanding payment to enable access.
- Leakware: This ransomware hijacks sensitive information (e.g., hospital patient records, trade secrets) and threatens to leak it.
- Scareware: The malware claims to have detected a virus in your system and demands payment to fix the issue.
- Ransomware as a service (RaaS): Hackers lease out their malware to third parties, enabling amateur attackers to use the ransomware software in exchange for a cut of the earnings.
Ransoms are typically demanded in the form of cryptocurrency, making it difficult to trace and bring the perpetrators to justice. This extortion tactic has become increasingly widespread in recent years, targeting both the private and public sector and costing organizations upwards of $29.1 million in payouts in 2020 alone, according to the FBI’s Internet Crime Complaint Center. Last year’s payouts are estimated to have been $312,493 on average, but ransoms can be much larger, including a whopping $40 million in one case. In addition to how lucrative the practice is, part of the reason why ransomware has become so commonplace is the rise of cybercriminal gangs that offer the aforementioned RaaS, making it easier than ever to carry out an attack.
Earlier this year, the White House issued a dire message about the scale and severity of the threat, warning that organizations of all sizes were potential targets and urging them to take steps to strengthen their cybersecurity practices. In a June 2021 interview with the Wall Street Journal, FBI Director Christopher Wray said the ransomware problem presented parallels to how the country had to change its national security apparatus after the September 11 attacks.
”There’s a shared responsibility, not just across government agencies but across the private sector and even the average American. The scale of this problem is one that I think the country has to come to terms with,” Wray told the Journal.
How ransomware can impact an industry
Attackers have become increasingly attracted to using ransomware to target critical infrastructure. Organizations of all sizes have been impacted, and the malware has shut down gas pipelines, put hospital operations at a virtual standstill, and forced public safety departments back to paper.
The ripple effects for these incidents stretch far – it can take months to fully recover affected systems, costing organizations additional time and money beyond the initial attack.
Ransomware has hit a variety of government entities over the years. Some notable incidents in 2021 include:
- City of Joplin (MO) – The city paid out $320,000 to protect sensitive information after a ransomware attack took down computer servers and programs for the city’s online systems, impacting the municipal court, online bill payments, internet-based telephone systems, and public transportation.
- City of Buffalo (NY) – The city’s public school system was targeted, disrupting teachers’ ability to instruct students working remotely during the COVID-19 pandemic. It took over a week to resume classes. Sixty-three school systems were affected.
- City of Tulsa (OK) – Police officers were forced to go back to paper reports and run physical documents over to the court after a ransomware attack in Tulsa significantly impacted efficiencies in the city’s public safety departments.
Why the public sector is particularly vulnerable
The public sector is particularly attractive for cybercriminals because it’s considered a “soft target” – many organizations are using outdated hardware and software without strong cybersecurity and business continuity plans in place. This is compounded by the fact that municipalities often store highly sensitive data, such as voter information and social security numbers, that is a tempting target to exploit. The cost associated with ransomware attacks isn’t only in terms of the ransom itself; in 2019, when the city of Baltimore became the victim of a ransomware attack, it spent over $18 million on a months-long recovery even though it declined to pay the ransom.
Ransomware is not going away
The cost of ransomware is estimated to reach $265 billion by 2031. As this type of cyberattack shows no signs of slowing down, it’s important to take steps to defend your organization. Ensure all staff members are fluent on cybersecurity threats and best practices, keep software up to date, implement data redundancy, backup your data both offline and online, come up with a business continuity and disaster recovery plan in the event of an attack, and ask your vendors what steps they’re taking to protect your critical systems and information.
