Ransomware is ‘straining’ local government services, FBI says

Ransomware actors continue to stress local government organizations by causing disruptions to utilities and critical public services, according to an advisory issued this week by the FBI. According to the bulletin issued Wednesday, local governments accounted for the second-highest victimized group in 2021, trailing only the academic sector as ransomware gangs’ favorite target.

And while the ransomware threat has been a familiar one to local officials for several years now, attacks still ensnare city and state governments, causing financial losses and jamming up critical functions, from courthouse operations to COVID-19 vaccination appointments.

“These types of attacks can have significant repercussions for local communities by straining financial and operational resources and putting residents at risk for further exploitation,” the bulletin reads.

Among the recent incidents the FBI notice references — albeit without identifying the victim — is a January attack against Bernalillo County, New Mexico, which disrupted municipal operations to the point that county buildings were temporarily closed to the public. The attack prompted the county jail to place inmates on lockdown while surveillance cameras and data collection were knocked offline.

Other incidents last year disrupted counties’ health departments, including an attack last May by an affiliate of the Grief ransomware operation that disabled at least one county’s COVID-19 vaccine appointment system. Over the past year-plus, ransomware attacks have also compromised local-government systems pertaining to zoning, finances, law enforcement, emergency dispatching and public defenders, the FBI said.

While the FBI advisory makes the usual recommendations — including continuity planning, regular software patching, network segmentation, offline backups and stronger identity and access policies, like multi-factor authentication — it notes that ransomware actors’ tactics continue to evolve.

Another FBI bulletin published last month noted that in the wake of high-profile attacks last year against the likes of Colonial Pipeline, Kaseya and JBS Foods, ransomware actors are shifting away from “big-game” hunting of high-value targets and toward cloud infrastructure, managed service providers and software supply chains. There’s also been a trend in ransomware striking on holidays and weekends — the Bernalillo County incident, for instance, was reported just after New Year’s.

Ransomware outfits continue to run their operations as a service-for-hire, according to the FBI, and other tactics are picking up as well, like sharing victim information between groups and new extortion efforts like notifying individuals that their personal data has been caught up in an attack.

“In the next year, local US government agencies almost certainly will continue to experience ransomware attacks, particularly as malware deployment and targeting tactics evolve, further endangering public health and safety, and resulting in significant financial liabilities,” the Wednesday alert reads.