Nearly two-thirds of all publicly known ransomware attacks in the United States in 2019 have targeted state or local governments, according to a report published Wednesday by the IT security firm Barracuda Networks.
In total, Barracuda said the the 55 attacks against state and local governments reported between January and July that it analyzed accounted for more than 60 percent of all ransomware incidents against U.S. targets. Barracuda’s research did not include the widespread ransomware attack earlier this month that hit 22 communities around Texas, though the company said that event, which officials have described as a “coordinated” effort by a single threat actor, will push the total number of attacks for 2019 to more than 70.
Of the 55 attacks Barracuda’s researchers looked at, just three hit state government agencies — Massachusetts’ public-defender agency and Georgia’s court system and public-safety department — while the remaining targeted town-, city- and county-level entities. Of those municipal victims, communities of fewer than 50,000 residents accounted for 45 percent of the ransomware activity, while 24 percent had fewer than 15,000.
“Smaller towns are often more vulnerable because they lack the technology or resources to protect against ransomware attacks,” the report reads.
Several of those less-populated victims have made steep payments to hackers in exchange for decryption keys meant to unlock computers and servers frozen by ransomware attacks. Washington, Pennsylvania — population 13,508 — paid $21,250 after a May attack, while Lake City and Riviera Beach, Florida agreed to pay nearly $1.1 million collectively in June following infections by a particularly expensive malware known as Ryuk.
Meanwhile, just 16 percent of the municipalities targeted had populations of more than 300,000, though that group includes places like Baltimore, where a May attack may eventually cost the city more than $18 million in emergency IT spending and lost revenue.
While Barracuda’s report concludes with the usual recommendations for government IT officials — updating aging operating systems, installing firewalls and blacklisting malicious IP addresses — the ransomware threat shows now signs of slowing down.
“Will it happen again? It is happening again. It’s probably happening right now,” James Globe, vice president of operations for the Center for Internet Security’s Multi-State Information Sharing and Analysis Center, said last week at a conference for state IT officials.
State and local governments were also urged to redouble their cybersecurity efforts in a July memorandum issued by the Department of Homeland Security, the National Association of State Chief Information Officers, the National Governors Association and the Center for Internet Security. Meanwhile, the Cybersecurity and Infrastructure Security Agency, the DHS branch responsible for protecting U.S. computer networks and other critical infrastructure, made ransomware the focus of its first report in a series of new policy advisories.
Clarification: This story has been updated to read that two-thirds of ransomware attacks in 2019 have targeted state and local governments.