The Federal Bureau of Investigation (FBI) this week warned local government entities of ransomware attacks disrupting operational services, causing public safety risks, and causing financial losses.
In a Private Industry Notification (PIN), the FBI underlined the significance of such attacks, due to the public’s dependency on services overseen by local governments, including critical utilities, education, and emergency services.
According to the FBI, local government entities within the government facilities sector (GFS) represented the second most targeted group following academia, based on victim incident reporting throughout 2021.
Last year, smaller counties and municipalities represented the majority of victimized local government agencies, “likely indicative of their cybersecurity resource and budget limitations,” the FBI says.
Based on an independently-conducted survey, local governments are the least able to prevent ransomware attacks and recover from backups, and often pay the ransom to get the data back.
Ransomware attacks on local governments may result not only in the disruption of services, but also in the compromise of data, and could have significant impact on local communities.
In January 2022, Bernalillo County had to shut down its computer systems and public offices following a ransomware incident.
The attack also resulted in emergency response operations falling to “backup contingencies,” and in the lockdown of the Metropolitan Detention Center (MDC), after surveillance cameras at the facility were disabled, and automated doors deactivated.
In September 2021, a ransomware attack on a US county’s network shut down the county courthouse and resulted in the compromise of a large amount of data.
In a May 2021 attack, a county’s operations, including scheduling of COVID-19 vaccination appointments, were crippled and the attackers claimed to have stolen over 2.5 gigabytes of data.
In January 2021, an attack on another local US county government’s systems resulted in the encryption of jail and courthouse computers, as well as election, financial, law enforcement, and other files.
The incident impacted the sheriff department’s records management program and public defender office computers, among others.
Ransomware is typically distributed through phishing, RDP connections, and software vulnerabilities, and remote working caused by the COVID-19 pandemic provided threat actors with new attack vectors.
“In the next year, local US government agencies almost certainly will continue to experience ransomware attacks, particularly as malware deployment and targeting tactics evolve, further endangering public health and safety, and resulting in significant financial liabilities,” the FBI says.