Jun 20 2023

Changes in the Ransomware Threat to State and Local Governments

Ransomware execution windows have become shorter as criminals aim for faster paydays.

According to SonicWall’s 2023 Cyber Threat Report, ransomware has “been on a tear” for the past few years, growing 105 percent year over year in 2021.

While the report found that attacks were down in 2022, ransomware targets still reported a very large number of attacks compared with levels in 2018, 2019 and 2020.

As always, bad actors are looking for opportunities to penetrate targets with minimal effort. And with local governments usually dealing with limited resources, they’re often considered low-hanging fruit when it comes to cyberattacks. A lack of resources can hinder agencies’ basic cybersecurity hygiene, leaving them open to the simplest security mistakes, such as using default passwords or not implementing multifactor authentication everywhere. Of course, this makes agencies a tempting target.

Here is how ransomware has been changing over the past several years, and how state and local governments can respond.



Agencies Must Prepare for New Ransomware Threats

According to CrowdStrike’s 2023 Global Threat Report, bad actors continued to adapt to defensive measures in 2022. As a result, ransomware attacks are quicker and easier to execute than ever. An IBM X-Force study revealed there was a 94 percent reduction in the average deployment time for ransomware attacks. What took attackers over two months in 2019 took just under four days in 2021.

This vast reduction in attack time may be due to the wide availability of Ransomware as a Service. This is a model in which affiliates pay to launch ransomware attacks developed by operators. The CrowdStrike report found more than 2,500 advertisements for access identified across criminal channels, a 112 percent increase compared with 2021.

Generally, bad actors are looking to make money, and RaaS can benefit the bottom lines of both parties. Entities that create ransomware tools can sell them without the risk of getting caught, while actors who buy ransomware tools don’t need to spend the time and resources to create the tools themselves.

Cybercriminals also are adjusting their expectations and often asking state or local agencies for ransom amounts that officials could reasonably charge to a credit card. This allows bad actors to get payment quickly and avoid bureaucratic delays from special authorizations.

Intermittent encryption is another emerging ransomware threat. It involves bad actors encrypting some parts of a file while skipping others. The technique aims to make encryption faster and less CPU-intensive while still rendering files unusable. Intermittent encryption also aims to make attacks harder to identify, but organizations that have tools to monitor all of their files should be able to detect this.
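One way file monitoring can surface intermittent encryption is to measure entropy per block rather than per file, since a partially encrypted file alternates between ciphertext-like and ordinary blocks. The Python sketch below is an added example, not code from the article or the cited reports; the 4 KB block size, the 7.5 bits-per-byte threshold, the function names and the sample buffers are all assumptions constructed for illustration.

```python
import math
import random
from collections import Counter

BLOCK = 4096          # analysis granularity (assumed; tune per environment)
HIGH_ENTROPY = 7.5    # bits/byte; ciphertext and compressed data sit near 8.0

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    total = len(block)
    return -sum(c / total * math.log2(c / total) for c in Counter(block).values())

def block_profile(data: bytes, block: int = BLOCK) -> list[bool]:
    """One flag per full block: True when the block looks like ciphertext."""
    usable = len(data) - len(data) % block   # a short tail gives unreliable estimates
    return [shannon_entropy(data[i:i + block]) >= HIGH_ENTROPY
            for i in range(0, usable, block)]

def classify(data: bytes) -> str:
    """Label a buffer by how many of its blocks look encrypted."""
    profile = block_profile(data)
    if not profile:
        return "too-small"
    ratio = sum(profile) / len(profile)
    if ratio == 0:
        return "plain"
    if ratio == 1:
        return "uniform-high-entropy"   # fully encrypted, or just compressed
    return "mixed"                      # only some blocks look encrypted: review

def sample_buffers() -> dict[str, bytes]:
    """Constructed test data: a text log, random bytes, and a striped mix."""
    rng = random.Random(2023)
    text = (b"2023-06-20 permit=4411 status=approved clerk=jdoe\n" * 700)[:8 * BLOCK]
    noise = bytes(rng.getrandbits(8) for _ in range(8 * BLOCK))
    striped = b"".join((noise if i % 2 == 0 else text)[i * BLOCK:(i + 1) * BLOCK]
                       for i in range(8))
    return {"plain": text, "striped": striped, "uniform": noise}

if __name__ == "__main__":
    for name, buf in sample_buffers().items():
        print(f"{name:8s} -> {classify(buf)}")
```

Some legitimate formats, such as PDFs with embedded compressed streams, also profile as mixed, so the useful signal is a file whose profile changes from a known baseline, not the label on its own.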


How Governments Can Improve Their Security Defenses Right Now

Agencies can follow cybersecurity frameworks from leading organizations such as the National Institute of Standards and Technology. Agencies can map what their existing security measures cover, then follow a framework to make sure those measures are configured properly.

Agencies might have firewalls, but are they really configured to do the job? Do staff investigate red flags? Do employees act on and remediate those issues raised by the firewall? Is there some sort of device protection for personal devices? Following a framework can help answer these questions.


If agencies don’t have the personnel to take on these security measures alone, they can look into managed services to stay protected. Qualified managed service providers can provide teams of external security experts dedicated to protecting agencies.

If an agency lacks a CISO, it can leverage virtual CISO services to assess its security posture. But before using such a service, an agency must meet a cybersecurity baseline, with the requisite tools and processes to get the most out of it.

This article is part of StateTech’s CITizen blog series.

