Nov 08 2022

Government Ransomware Attacks Are Down, but Reports Cite Insufficient Data

Incidents appear to have dropped off since 2021, according to new findings.

A number of local governments have been the target of cybersecurity attacks in recent years. In 2020, for instance, 45 percent of ransomware attacks centered on municipalities, according to Barracuda Networks research.

New data from the Institute for Security and Technology’s Ransomware Task Force, however, seems to suggest fewer incidents have arisen in 2022.

This year, roughly 251 publicly disclosed municipal, school and healthcare-related ransomware incidents occurred in the U.S. through July, significantly fewer than in 2021, when nearly 400 incidents took place in the first seven months of the year.

In 2021, while the state and local government sector had one of the lowest ransomware attack rates, the percentage of organizations that were affected by ransomware rose 70 percent from 2020 numbers, according to Sophos.


Ransomware Causes and Data Can Be Difficult to Pin Down

IST’s task force attributed this year’s observed drop in ransomware attacks to factors such as international conflicts and greater national and international law enforcement efforts, although the institute also noted more organizations might be just paying the requested ransom and thus wouldn’t be included in the total.

Sophos found nearly a third (32 percent) of state and local government organizations paid to restore encrypted data in 2021, shelling out an average payment of more than $213,000.

Tallying ransomware incidents can be a challenging task, potentially involving methods that range from monitoring local news reports to researching the sites ransomware attackers use to convey their threats. What’s more, some attackers now use other tactics, such as directly reaching out to a victim’s customers, adding complexity to logging efforts, according to StateScoop.

IST, which merged data from additional sources this year to reach an incident total, said the process proved somewhat challenging because duplicate incidents weren’t always clear, requiring researchers to use statistical approaches that skew toward dropping records rather than inflating counts.

In July, Megan Stifel, co-chair of the Ransomware Task Force, suggested focusing on other potential preventive measures, such as creating a pool of money to assist local governments with post-incident recovery.

Knowing what operational aspects may be putting an organization at risk can also help officials mitigate or prevent ransomware attempts.

According to a 2020 International City/County Management Association report, local governments are often targeted because their systems may not be well protected. A number of Internet of Things-enabled devices have been deployed to assist with water meter management, security camera use and other operations. These devices, in particular, can introduce new vulnerabilities.


Agencies Can Safeguard Systems and Swiftly Address Cyber Issues

The National Institute of Standards and Technology has issued several cybersecurity recommendations. These include using techniques such as continuous security monitoring to identify events as they occur and identity management and access control to limit their potential impact, along with procedures to respond quickly to incidents and recover by restoring any affected operations.

Earlier this year, North Carolina and Florida passed legislation requiring state and local government agencies to report ransomware incidents soon after they’re detected. North Carolina’s law prevents public sector entities from paying ransomware requests, according to the National Governors Association — which also notes that ransomware-centric bills are currently pending in a number of other states.

Regardless of whether the number of local government-focused ransomware attacks will ultimately be revealed to have declined this year, the cost involved and other potential ramifications remain considerable. The city of Quincy, Ill., for instance, has paid more than $600,000 in response to a May ransomware attack.

Wheat Ridge, a suburb of Denver, had to temporarily shut down its phones, email and city hall when its systems were overtaken in August. However, due to adequate backups, the municipality felt it could reassemble its databases and other resources internally, and was able to decline paying the $5 million ransomware demand it received.
