Ransomware on SLED networks

Malware, ransomware twice as likely to hit state, local networks

State and local government networks are nearly twice as likely to be infected with malware or ransomware as those in small and medium businesses, according to new data released by Sentinel IPS, a cybersecurity threat management firm.

Education-sector networks also suffer from high infection rates. After evaluating over 30 million alerts from its users around the world, Sentinel IPS found that 67 percent of government networks and 72 percent of education networks triggered critical malware or ransomware alerts, compared to just 39 percent of other networks triggering similar alerts.

These SLED networks – representing 32 percent of the sample size – accounted for 77 percent of critical extrusion prevention system (EPS) check-in alerts.

Among the firm’s findings:

  • A government or education network is four times more likely than other entities to be infected with Cryptolocker ransomware.
  • The Kovter botnet, which steals personal information and enables ransomware, was concentrated almost exclusively in the government and education space, infecting 23 percent of all networks while affecting only one other network from a different industry.
  • BrowseFox, an adware program that monitors users’ activity and displays pop-up advertising, was reported by 23 percent of government and 67 percent of education networks.

These infections mean that government and educational networks lack “the proper internal controls and protections to keep even the most basic malware, adware and spyware off of their internal systems,” according to the Sentinel IPS blog.

Organizations with fewer, less-advanced cybersecurity resources -- like budget-strapped government offices -- are easy prey for hackers, the report suggested. Additionally, agencies trying to protect a variety of different systems with limited resources are more vulnerable to ransomware attacks, Tim Francis, cyber enterprise lead at Travelers, told DarkReading.

While attacks on educational networks accounted for nearly a third of attempted cyberattacks despite representing only 7 percent of the Sentinel IPS sample set, they are still largely “crimes of opportunity,” Rob McCurdy, chief information security officer at Michigan State University, told the Financial Times. He said he sees attackers scanning the university networks for access to personally identifiable information, rather than targeted attacks by nation states seeking research.

But even good cybersecurity protocols may not protect agencies because of the sophistication of the current crop of malware. “The ransomware is that good,” said Joseph Bonavolonta, the assistant special agent in charge of the FBI’s CYBER and Counterintelligence Program, according to a report on The Security Ledger. “To be honest, we often advise people just to pay the ransom.”

About the Author

Connect with the GCN staff on Twitter @GCNtech.
