Why Are Local Governments the Target of Ransomware?

There’s no question about it: Governments are falling victim to ransomware attacks more than ever before.

Such attacks on local governing bodies are nothing new. One of the first victims of contemporary ransomware was the police department of Swansea, a small town in southeastern Massachusetts.

In the last few years, however, cybercriminals have begun to target local and state governments with increasing frequency. Consider these statistics:

• In 2017, there were 38 ransomware attacks on city, town, and state governments. 
• In 2018, there were 53 such attacks.
• By the end of April, 2019, there had already been 21 ransomware attacks on states, cities, towns, and counties.
• The most recent count for 2019 brought the total to 70 ransomware attacks on state and local governments nationwide. 

These attacks span 48 of the 50 states and include the District of Columbia.

What happens during a ransomware attack?

Ransomware is exactly what it sounds like: A hacker gets into a victim’s network, usually by tricking someone into clicking a malicious link or opening a file that contains a virus. 

Traps like these usually mimic legitimate businesses with real links an employee might click—to track a package, for example, or verify an invoice. Once someone clicks the link or attachment and activates the virus, it encrypts critical files on the computer or within the network. 

The attacker then holds the files for ransom. Either the targeted organization pays the attacker to decrypt the hijacked material or the attacker destroys it. Meanwhile, operations halt as the business tries to recover critical data.

Why is ransomware for municipalities so popular?

In comparison to private corporations, city and state governments are known for having less money at their disposal. So why are hackers attacking them so frequently?

First of all, municipalities and states provide essential services. Their systems are tied to their ability to dispatch these services. Consider school district ransomware, which can shut down K-12 education and disrupt a whole community. Also consider the impact on things like EMS services, fire departments, and state assistance programs.

Hackers know how much governments need the information in their systems, and they take advantage of this by demanding large ransoms. Sometimes the target is able to refuse and recoup the data another way, but sometimes paying up is the only way to keep serving the public.

Unfortunately, municipalities depend on public funds to pay expenses, including a cyberattack ransom. They have to disclose the attack to recover from it, and these disclosures can serve as advertisements to hackers –— “This kind of organization is an easy target.” 

What’s the cost of a ransomware attack?

The amount demanded in a ransomware attack varies among incidents, but this year’s ransoms have been consistently within the six-figure range. 

Authorities in Jackson County, Florida, paid attackers $400,000 when they became victims of a ransomware attack in March. Hackers again targeted Florida in June and hit three towns—Key Biscayne, Riviera Beach, and Lake City. 

Lake City paid 42 bitcoin, almost $500,000, to get their information back. Riviera Beach paid the equivalent of almost $600,000 to attackers and more than $940,000 to rebuild its infrastructure. This included the purchase of all-new computers and other hardware.

These are just the short-term expenses. A 2018 attack on Atlanta, Georgia, has cost the city about $17 million to recover. Baltimore City, which was attacked this May, has spent $18 million in recovery and preventive measures. 

Each time an attack happens, a new city has to make the decision: pay up or leave people stranded?

To pay or not to pay?  

Ransomware attacks are costly even if the municipality refuses to pay, which many do. When researchers analyzed data from a 2019 report on ransomware attacks, they found that only 17.1 percent of state and local governments paid the requested ransom.

Some attacks on governments don’t get reported right away, and these institutions are also less likely to pay ransoms. Analysis of a 2019 report shows that 17.1 percent of state and local governments paid ransoms, while 70.4 percent confirmed that they refused to pay.

For comparison, a review of all victimized organizations showed that across industries, 45 percent of targeted organizations paid ransoms in 2019, as compared to 38.7 percent in 2018. More victims are giving in to attackers’ demands, but the public sector is holding out.

The case for not paying  

Nonpayment is the FBI’s recommended response to a ransomware attack, largely because ransom payments encourage hackers to use the same strategy again. The ransom money may even directly fund the next attack. By paying off a hacker, you are empowering them to attack someone else.

Paying a ransom doesn’t even guarantee you’ll get your data back. According to CyberEdge’s 2019 Cyberthreat Defense Report, more than 38 percent of victimized organizations paid ransoms and lost their data anyhow. Sometimes this happens because the hacker refuses to de-encrypt the data, but sometimes they simply don’t know how to do it.

Finally, there are hackers who will take the ransom money they’ve demanded, then turn around and ask for more. Do you let the payout go or come up with yet more money? 

Why you'd choose to pay

Paying a ransom probably isn't what you'd choose to do with your budget, but sometimes you don't have much of a choice. You need your data back, and you don't have the IT expertise or resources to go after it yourself. 

If you find yourself in a situation like this, where you have to pay a ransom, you're best off letting let an expert handle it. They can interface with the attackers, negotiate terms, and, most importantly, make sure that the attackers follow through on their promises to restore system access.

How to Prevent Ransomware Attacks

As the old saying goes, an ounce of prevention is worth a pound of cure. The best way to prevent a ransomware attack is to have everyone on the team looking out for suspicious messages.

The Riviera Beach attack, which took place earlier this year, happened because an employee opened a malicious email attachment. If the municipal government staff had received anti-ransomware training, the attack may have been prevented.

Government departments should also have security policies in place that employees need to follow, especially if they use their own devices on the networks. A cybersecurity strategy is also a worthwhile investment, especially now that governments are such popular targets.

Ransomware can take out a government in the blink of an eye, and it can cost millions to get everything back up and running again. Don't take the risk—consider outsourcing your cybersecurity and other critical IT services to ensure your information’s safety.