Municipalities Face a Constant Battle as Ransomware Snowballs

Municipalities in the United States, and globally, are experiencing a fresh wave of ransomware attacks, with even big cities like Dallas falling to the gangs' activities.
In a prime example of the trend, on Nov. 7, the Play ransomware gang posted information it claimed to have stolen from Dallas County in an alleged ransomware attack, with threats of posting more if the group does not get its desired payment.
A Recent History of the Ransomware Attacks Unfortunately, the incident wasn't a one-off - far from it.
This instance was not the first time that the perpetrator, the Royal ransomware group, had attacked the city, either.
In another example of the struggle between ransomware groups and municipalities, Rock County, Wisc., experienced a cyberattack Sept. 29 against its Public Health Department, compromising its computer systems.
The Cuba ransomware gang claimed responsibility for that attack, and announced that the stolen data included financial documents and tax information.
The trend is not just a US issue: On Oct. 30, 70 municipalities in Germany were affected by a ransomware incident after a service provider had to restrict access to prevent the spread of malware.
Prior to that, schools in Hungary and Slovakia were victims of attacks by ESXiArgs ransomware.
As the threat of ransomware attacks against municipalities remains high, the security protections for these targets have remained limited.
Municipalities Make for the Perfect Victim While threat actor tactics and tools evolve and the volume of their attacks increases, the data shows that municipalities are falling behind and failing to rise to the occasion when it comes to protecting themselves.
Municipalities are notoriously understaffed, underfunded, and possess little training when it comes to cybersecurity preparation and mitigation.
When ransomware groups seek out their targets, they know that municipalities will be unprepared to handle their attacks, which will either lead to success and potential notoriety or, even better, an easy ransom payment.
Of the organizations whose data was encrypted in an attack, 99% got their information back, with 34% reporting that they paid a ransom and 75% relying on backups.
Nick Tausek, lead security automation architect at Swimlane, notes that the local public sector historically has a worse security posture than the federal government or large corporations.
While ransomware groups celebrate their easy wins, municipalities struggle to bounce back.
When Dallas was hit by the ransomware attack that took down its systems, the city was still trying to make progress in becoming fully operational even a month later.
The only good news is that the city worked with cybersecurity experts to try to enhance its security posture and take additional steps after the attack occurred.
These attacks leave lasting effects that can take extended periods of time to recover from, making municipalities all the more vulnerable in the meantime.
The Future of Cyber Safety for Municipalities Like Dallas, municipalities will have to start being actively involved in implementing cybersecurity practices and procedures, according to Daniel Basile, chief information security officer at Texas A&M System's Shared Service Center.
Though lack of staffing is an issue that needs to be addressed, Swimlane's Tausek believes that adding new members to cybersecurity teams won't necessarily rapidly resolve the difficulty in responding to constant ransomware attacks.


This Cyber News was published on www.darkreading.com. Publication date: Fri, 08 Dec 2023 20:05:10 +0000


Cyber News related to Municipalities Face a Constant Battle as Ransomware Snowballs

Municipalities Face a Constant Battle as Ransomware Snowballs - Municipalities in the United States, and globally, are experiencing a fresh wave of ransomware attacks, with even big cities like Dallas falling to the gangs' activities. In a prime example of the trend, on Nov. 7, the Play ransomware gang posted ...
1 year ago Darkreading.com Cuba
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
1 month ago Cybersecuritynews.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape
Hugging Face dodged a cyber-bullet with Lasso Security's help - Further validating how brittle the security of generative AI models and their platforms are, Lasso Security helped Hugging Face dodge a potentially devastating attack by discovering that 1,681 API tokens were at risk of being compromised. The tokens ...
1 year ago Venturebeat.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
1 year ago Securityboulevard.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
7 months ago Securelist.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com LockBit BianLian Akira Cactus
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
1 year ago Techrepublic.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
1 year ago Bleepingcomputer.com Medusa Cuba STORMOUS
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
1 year ago Bleepingcomputer.com LockBit Inc ransom Black Basta
Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware - COMMENTARY. The US government is ramping up efforts to stem the increasingly disruptive scourge of ransomware attacks. The State Department recently offered up to $15 million for information on LockBit, and $10 million for information on the ...
1 year ago Darkreading.com LockBit
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
1 year ago Bleepingcomputer.com
How ransomware gangs are engaging - As ransomware gangs continue to market themselves as legitimate businesses complete with customer service representatives, new research from Sophos showed that threat actors are expanding public relations efforts to further pressure victims into ...
1 year ago Techtarget.com LockBit Snatch
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
1 year ago Bleepingcomputer.com LockBit Qilin Noescape