May 23 2024

State and Local Governments Make Progress Against Ransomware

A new Sophos report reveals fewer attacks, but governments shouldn’t take it easy.

State and local governments are highlighted in a new report that provides a mixed assessment of the effects of ransomware attacks on global organizations. But despite some positive news, the report also illustrates why it’s vitally important for state and local governments to have strong cyber recovery strategies in place to reduce downtime and restore essential functions quickly and efficiently.

Sophos’s The State of Ransomware 2024 report, released April 30, found that just 34 percent of state and local governments reported a ransomware attack the previous year. That’s not only the lowest rate among the 15 industries surveyed, it also represents a steep decline from the previous year, when 69 percent of state and local governments reported ransomware attacks. In contrast, 68 percent of central/federal governments reported a ransomware attack in 2023, the highest attack rate in the study.

In all, ransomware attacks hit 59 percent of organizations across all industries last year, according to Sophos’ survey of 5,000 IT and cybersecurity leaders in 14 countries conducted in early 2024. That’s down from 66 percent in each of the previous two years.

Click the banner below to explore a zero trust approach to cybersecurity.


Ransomware Payments Rise as Sophos Urges Vigilance

Still, fewer ransomware attacks doesn’t mean reduced impact. According to Sophos, the average ransom payment across all industries rose fivefold over the previous year, from $400,000 to $2 million. Additionally, average recovery costs soared to $2.73 million, up from $1.82 million in 2023.

That’s a big reason that Sophos Field CTO John Shier urges organizations to stay vigilant.

“We must not let the slight dip in attack rates give us a sense of complacency,” Shier says. “Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware, we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal-opportunity crime.”

There were notable ransomware cyberattacks last year on state and local governments in Fulton County, Ga., and Contra Costa County, Calif. The latter led officials to declare a state of emergency in the county.

Sophos’ research suggests that the relatively low rate of ransomware attacks against state and local governments could indicate stronger defenses. But the IT security firm also notes that cybercriminals might be shifting to other industries that may be more profitable. (State and local governments stood near the middle of the pack for ransom payments, with an average of $5.2 million per event.)

“The ransomware landscape offers something for every cybercriminal, regardless of skill,” Shier says. “While some groups are focused on multimillion-dollar ransoms, there are others that settle for lower sums by making it up in volume.”

WATCH: The CIO of Lodi, Calif., discusses enhancing ransomware defenses.

Data Theft Remains a Big Concern for Ransomware Targets

While state and local governments saw the lowest ransomware attack frequency in the previous year, those events produced extraordinarily high rates of both data encryption and compromised backups. A stunning 98 percent of attacks against state and local governments led to data encryption, and 99 percent involved attempts to compromise backups.

These factors can put more pressure on organizations to pay ransoms, which could explain why state and local governments ended up shelling out ransoms that exceeded the amounts demanded by cybercriminals. State and local governments typically paid 104 percent of the initial ransom ask amount.

Data theft is another area of concern for state and local governments dealing with ransomware attacks, with 42 percent reporting stolen data following a ransomware attack, the fourth-highest percentage among all industries.

And in yet another reminder of the growing importance of zero trust for state and local governments, the report found that compromised credentials were behind 49 percent of ransomware attacks on state and local governments.

“The two most common root causes of ransomware attacks, exploited vulnerabilities and compromised credentials, are preventable, yet still plague too many organizations,” Shier says. “Businesses need to critically assess their levels of exposure to these root causes and address them immediately.”

SeventyFour/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.