Ransomware on SLED networks

Malware, ransomware twice as likely to hit state, local networks

State and local government networks are nearly twice as likely to be infected with malware or ransomware as those in small and medium businesses, according to new data released by Sentinel IPS, a cybersecurity threat management firm.

Education-sector networks also suffer from high infection rates. After evaluating over 30 million alerts from its users around the world, Sentinel IPS found that 67 percent of government networks and 72 percent of education networks triggered critical malware or ransomware alerts, compared to just 39 percent of other networks triggering similar alerts.

These SLED networks – representing 32 percent of the sample size – accounted for 77 percent of critical extrusion prevention system (EPS) check-in alerts.

Among the firm’s findings:

  • A government or education network is four times more likely to be infected with Cryptolocker ransomware compared to other entities.
  • The Kovter botnet, which steals personal information and enables ransomware, was concentrated almost exclusively in the government and education space, infecting 23 percent of all networks while affecting only one other network from a different industry.
  • BrowseFox, an adware program that monitors users’ activity and displays pop-up advertising, was reported by 23 percent of government and 67 percent of education networks.

These infections mean that government and educational networks lack “the proper internal controls and protections to keep even the most basic malware, adware and spyware off of their internal systems,” according to the Sentinel IPS blog.

Organizations with fewer, less-advanced cybersecurity resources -- like budget-strapped government offices -- are easy prey for hackers, the report suggested. Additionally, agencies trying to protect a variety of different systems with limited resources are more vulnerable to ransomware attacks, Tim Francis, cyber enterprise lead at Travelers, told DarkReading.

While attacks on educational networks accounted for nearly a third of attempted cyberattacks despite representing only 7 percent of the Sentinel IPS sample set, they are still largely “crimes of opportunity,” Rob McCurdy, chief information security officer at Michigan State University, told the Financial Times. He said he sees attackers scanning the university networks for access to personally identifiable information, rather than targeted attacks by nation states seeking research.

But even good cybersecurity protocols may not protect agencies because of the sophistication of the current crop of malware. “The ransomware is that good,” said Joseph Bonavolonta, the assistant special agent in charge of the FBI’s CYBER and Counterintelligence Program, according to a report on The Security Ledger. “To be honest, we often advise people just to pay the ransom.”

About the Author

Connect with the GCN staff on Twitter @GCNtech.

