A new report from cybersecurity firm Recorded Future found that ransomware attacks against state and local governments are on the rise.
The report, published May 10, found that ransomware attacks against state and local governments increased 39 percent from 38 in 2017 to 53 in 2018. As of April 2019, there have already been 12 reported attacks. The report also noted that the “numbers for 2018 and 2019 may go up, as not all ransomware attacks against state and local governments are reported immediately.” Rather, the attacks were reported weeks – or even months – after they happened, frequently during city council or budget meetings.
In fact, there have already been more attacks. The report noted in a preface that the “cutoff for this report was the end of April 2019. Since then, there have been at least three new ransomware attacks against state and local governments: Lynn, Massachusetts, and Cartersville, Georgia, as well as Baltimore, Maryland, which was hit for at least a second time.”
While state and local governments are seeing a rise in attacks, the reported noted that it does not appear that these are “targeted attacks in the traditional sense.” Rather, they are attacks of opportunity. Noting that even attacks from well-known hacker groups such as the ones behind Ryuk and SamSam “appear to stumble into these targets.” The report explained that “once these groups do realize they are in a state or local government target, they take advantage of the fact by targeting the most sensitive or valuable data to encrypt.”
Perhaps unsurprisingly, given their often limited budgets, state and local governments are less likely than other sectors to pay the ransom. The report found that only 17.1 percent of state and local government entities that were hit “definitely paid the ransom,” and 70.4 percent of agencies confirmed that they did not pay the ransom. Compare those numbers to a 2019 report from CyberEdge, which found that 45 percent of organizations hit with ransomware paid the ransom.