Let’s face it - for many organizations, a ransomware attack is their worst nightmare. The very idea of having the most important files on a single computer encrypted and held hostage is scary enough, much less every computer on your entire network. For many state and local government leaders, this fear rings loud and true. Daily headlines remind them exactly how possible it is for the threat of ransomware to become a reality.

Increased Ransomware Attacks in State and Local Governments

While ransomware can hit any organization or individual, we are seeing an increasing trend of state and local government agencies being specifically targeted by cybercriminals. This trend is, in part, because government agencies have many moving parts and often an extremely diverse set of technology, creating a large target for attackers. A large attack surface of any kind is attractive to attackers; however, local governments and municipalities present as the perfect target because their networks are often sizable, contain multiple levels of employee access, and feature out-of-date systems. Local governments and municipalities may also have difficult maintenance schedules due to comparatively small, and typically under-funded, IT staffs.

Financial Impacts of a Ransomware Attack

The objective of a ransomware attack on local governments and municipalities is to eliminate the entity’s ability to operate in the hopes that the demanded ransom will be paid in an effort to recover quickly and quietly. The impact of ransomware isn’t a single factor, though. Many experts recommend never paying a ransom because it may open you up to additional attacks, labeling you with a sign that should basically say “I PAY RANSOMS.” This is often easier said than done, however, when the victim’s primary objective is typically to get back up and running as fast as possible.

It is important to remember that ransomware is not a one-time cost. There are still negative and financial implications even when the demanded ransom isn’t paid. The downtime alone will draw headlines and could potentially impact the victim’s reputation. Additionally, the cost of recovery is often significant. The average cost to recover from a ransomware attack is often far greater than the ransom itself. This expense is largely from recovery efforts, in addition to the investigation to determine how the ransomware attack was carried out and what level of access to data the attacker had during the attack.

Ransomware vs Everyone Else

Unfortunately, there is no way to know what the future of ransomware looks like for local governments and municipalities. On a good note, there are many protections and precautions that can be taken to help identify an active ransomware attack or help you recover quickly from a ransomware attack when it is successful. Many agencies and organizations have expanded end user training to include the threat of ransomware and what to do if it’s identified. Information technology professionals are testing to see the impact of ransomware and building strategies around weak points to isolate the most vulnerable and valuable targets in an organization. The bad news is that, as these protections are being put into place, there is continuous effort by attackers to identify new vulnerabilities to deliver new ransomware variants. So, as this game of cat-and-mouse continues, it is important to understand that any government agency or municipality is a high-value target for attackers and the impact of an attack is often much greater than the ransom itself.

THIS POST WAS WRITTEN BY Kendall Blaylock

Kendall serves as the director of cyber intelligence for HORNE Cyber where his specialty is digital forensics and incident response.