Ransomware Causes and Data Can Be Difficult to Pin Down
IST’s task force attributed this year’s observed drop in ransomware attacks to factors such as international conflicts and greater national and international law enforcement efforts, although the institute also noted more organizations might be just paying the requested ransom and thus wouldn’t be included in the total.
Sophos found nearly a third (32 percent) of state and local government organizations paid to restore encrypted data in 2021, shelling out an average payment of more than $213,000.
Tallying ransomware incidents can be a challenging task, potentially involving methods that range from monitoring local news reports to researching the sites ransomware attackers use to convey their threats. What’s more, a certain number now utilize other tactics, such as directly reaching out to a victim’s customers, adding complexity to logging efforts, according to StateScoop.
IST, which merged data from additional sources this year to reach an incident total, said the process proved somewhat challenging because duplicate incidents weren’t always clear, requiring researchers to use statistical approaches that skew toward records dropping instead of counts inflation.
In July, Megan Stifel, co-chair of the Ransomware Task Force, suggested focusing on other potential preventive measures, such as creating a pool of money to assist local governments with post-incident recovery.
Knowing what operational aspects may be putting an organization at risk can also help officials mitigate or prevent ransomware attempts.
According to a 2020 International City/County Management Association report, local governments are often targeted because their systems may not be well protected. A number of Internet of Things-enabled devices have been deployed to assist with water meter management, security camera use and other operations. These devices, in particular, can introduce new vulnerabilities.
Agencies Can Safeguard Systems and Swiftly Address Cyber Issues
The National Institute of Standards and Technology has issued several cybersecurity recommendations, including utilizing techniques such as continuous security monitoring to identify events as they occur and identity management and access control to limit their potential impact, along with procedures to respond quickly to incidents and recover by restoring any affected operations.
Earlier this year, North Carolina and Florida passed legislation requiring state and local government agencies to report ransomware incidents soon after they’re detected. North Carolina’s law prevents public sector entities from paying ransomware requests, according to the National Governors Association — which also notes that ransomware-centric bills are currently pending in a number of other states.
Regardless of whether or not the amount of local government-focused ransomware attacks will ultimately be revealed to have declined this year, the involved cost and other potential ramifications remain considerable. The city of Quincy, Ill., for instance, has paid more than $600,000 in response to a May ransomware attack.
Wheat Ridge, a suburb of Denver, had to temporarily shut down its phones, email and city hall when its systems were overtaken in August. However, due to adequate backups, the municipality felt it could reassemble its databases and other resources internally, and was able to decline paying the $5 million ransomware demand it received.