Connect with us

Hi, what are you looking for?



FBI Warns of Ransomware Attacks Targeting Local Governments

The Federal Bureau of Investigation (FBI) this week warned local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses.

The Federal Bureau of Investigation (FBI) this week warned local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses.

In a Private Industry Notification (PIN), the FBI underlined the significance of such attacks, due to the public’s dependency on services overseen by local governments, including critical utilities, education, and emergency services.

According to the FBI, local government entities within the government facilities sector (GFS) represented the second most targeted group following academia, based on victim incident reporting throughout 2021.

Last year, smaller counties and municipalities represented the majority of victimized local government agencies, “likely indicative of their cybersecurity resource and budget limitations,” the FBI says.

Based on an independently-conducted survey, local governments are the least able to prevent ransomware attacks and recover from backups, and often pay the ransom to get the data back.

[ READ: FBI: 649 Ransomware Attacks on Critical Infrastructure Organizations in 2021 ]

Ransomware attacks on local governments may result not only in the disruption of services, but also in the compromise of data, and could have significant impact on local communities.

Advertisement. Scroll to continue reading.

In January 2022, Bernalillo County had to shut down its computer systems and public offices following a ransomware incident.

The attack also resulted in emergency response operations falling to “backup contingencies,” and in the lockdown of the Metropolitan Detention Center (MDC), after surveillance cameras at the facility were disabled, and automated doors deactivated.

In September 2021, a ransomware attack on a US county’s network shut down the county courthouse and resulted in the compromise of a large amount of data.

In a May 2021 attack, a county’s operations, including scheduling of COVID-19 vaccination appointments, were crippled and the attackers claimed to have stolen over 2.5 gigabytes of data.

[ READ: Ransomware Targeted 14 of 16 U.S. Critical Infrastructure Sectors in 2021 ]

In January 2021, an attack on another local US county government’s systems resulted in the encryption of jail and courthouse computers, as well as election, financial, law enforcement, and other files.

The incident impacted the sheriff department’s records management program and public defender office computers, among others.

Ransomware is typically distributed through phishing, RDP connections, and software vulnerabilities, and remote working caused by the COVID-19 pandemic provided threat actors with new attack vectors.

“In the next year, local US government agencies almost certainly will continue to experience ransomware attacks, particularly as malware deployment and targeting tactics evolve, further endangering public health and safety, and resulting in significant financial liabilities,” the FBI says.

Related: FBI Warns of BlackByte Ransomware Attacks on Critical Infrastructure

Related: Nations Vow to Combat Ransomware at US-Led Summit

Related: U.S. Agencies Publish Ransomware Factsheet

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.