Ransomware tests local governments
Malicious actors increasingly target smaller governments that lack sufficient cyber defenses, risking the operation of critical public services.
Smaller government agencies are struggling to combat ransomware, as cybercriminals often see them as soft targets due to their legacy equipment, limited cybersecurity funding and overburdened IT staff.
Last week, the FBI issued an alert to help local IT leaders defend against ransomware, offering a set of recommendations to prevent future incidents and detailing recent attacks against smaller counties and municipalities.
It described several attacks on county networks that closed offices, stole personal data, limited access to online records and services and even disabled jail surveillance cameras and deactivated automated doors.
Other recent incidents include:
- A high-profile January cyberattack on New Mexico’s Bernalillo County and Albuquerque Public Schools resulted in severed network connections, systems being taken offline and halted services. The school district was forced to shut down for two days, as the ransomware attack compromised its student information system used to verify authorized school pickups, take attendance and contact families. Public safety departments like 911 communications, the sheriff’s office and the fire department were affected as well, prompting the use of backup systems.
- Pembroke Pines, a city in southern Florida, fell victim to a ransomware incident on Jan. 13 that “impacted [the] ability to access certain city computer systems,” the city said in a statement. Details are sparse, but Local10.com reported that while private citizens’ personal information was spared, that of government employees may have been jeopardized. A month later, the city tweeted that it was still restoring access to certain systems.
- On March 4, a school in Berks County, Pa., experienced technical difficulties as a result of ransomware. However, Fleetwood Area School District Superintendent Greg Miller said there was no immediate safety threat to students or staff as the systems that contained student and financial information were housed off-site and not affected.
- The charting software at Jackson Hospital, located in Marianna, Fla., was infected by the Mespinoza ransomware, forcing a complete shutdown of computer systems in January. Attackers targeted and encrypted a computer server that stores non-critical organizational documents. The recovery team physically disconnected the hospital's electronic health records system from the rest of the computer network to check it for malicious code.
On March 21, President Joe Biden placed U.S. critical infrastructure partners on high alert, warning of malicious cyber activity and asking officials to take a harder look at their defenses in light of the war in Ukraine.
A February joint advisory from the Cybersecurity and Infrastructure Security Agency, the FBI, the National Security Agency and Australian and U.K. partners outlined the growing threat posed by ransomware. The group noted that cybercriminals gain access to networks through phishing, stolen Remote Desktop Protocol credentials, software vulnerabilities and brute force attacks. The ransomware market has matured, they noted, with criminals sharing victim information, offering as-a-service options and targeting cloud and managed service providers.
In recent months, state leaders have worked with regional and local partners to stand up joint cybersecurity task forces, improve coordination and expedite incident response.
In February, New York Gov. Kathy Hochul launched the Joint Security Operations Center to bolster data collection efforts between federal, state, county and local governments. The program will broaden phishing defenses, increase vulnerability scanning and expand penetration testing to ensure the state can protect parts of its system if one portion of the network is compromised. Officials in four other states have launched similar initiatives, including North Carolina, Utah and Arizona.