Ransomware: Who's likely to pay?
When it comes to paying off attackers, local governments fall just behind the energy industry in their willingness to pay ransoms.
Local governments are just behind oil and gas utilities in their willingness to pay ransoms to attackers who lock up their data.
According to a new report by CyberSaint, the education and retail sectors have been the most popular targets, with 44% of respondents to a company poll reporting having experienced a ransomware event. Local government was also a common target, with 34% of respondents reporting an attack – the same percentage as reported by the financial sector.
When it comes to paying off attackers, though, local government falls just behind the energy industry in its propensity to pay ransoms. Just over 40% of government respondents reported paying to get their systems and data back. Education organizations paid 35% of the time, the report said.
Some of that willingness to pay may be a function of an organization's ability to restore its systems and data, according to CyberSaint. Local government and health care were at the bottom of industries prepared to restore their data from backups, the company reported.
Those findings echo results from Emsisoft's annual ransomware survey, which found that 77 local governments and agencies were impacted by ransomware in 2021, as were just over 1,000 schools. While the attacks were expensive and disruptive, the numbers were down from both 2019 and 2020, perhaps indicating that larger governments have fortified their defenses, officials said in a Jan. 18 blog post. Smaller municipalities and counties, though, were increasingly targeted in 2021, according to the survey.
Speaking to the U.S. Conference of Mayors on Jan. 20, Department of Homeland Security Secretary Alejandro Mayorkas encouraged city leaders to be vigilant against cyberattackers, no matter the size of their jurisdiction.
"There may be some of you who feel that your city is immune from a cybersecurity attack, that you're really off the radar screen and perhaps too small to be victimized. There may be others of you who lead very large cities with very sophisticated cybersecurity architectures that might find a great deal of comfort in the architectures that you have built and consider yourselves immune from attack because of them," he said. "And I would respectfully submit that you would both be wrong."
He urged mayors to designate someone to be in charge of cybersecurity and ensure agencies do the day-to-day work of training staff, updating patches and using strong passwords.
"In the cybersecurity world, in a world where we are all connected, it only takes one computer and we say that we're only as strong as our weakest link," Mayorkas said.
Up-to-date information on ransomware vectors, detection, remediation and response is available from the Cybersecurity and Infrastructure Security Agency.