Municipalities in the United States, and globally, are experiencing a fresh wave of ransomware attacks, with even big cities like Dallas falling to the gangs' activities.
In a prime example of the trend, on Nov. 7, the Play ransomware gang posted information it claimed to have stolen from Dallas County in an alleged ransomware attack, with threats of posting more if the group does not get its desired payment.
A Recent History of the Ransomware Attacks Unfortunately, the incident wasn't a one-off - far from it.
This instance was not the first time that the perpetrator, the Royal ransomware group, had attacked the city, either.
In another example of the struggle between ransomware groups and municipalities, Rock County, Wisc., experienced a cyberattack Sept. 29 against its Public Health Department, compromising its computer systems.
The Cuba ransomware gang claimed responsibility for that attack, and announced that the stolen data included financial documents and tax information.
The trend is not just a US issue: On Oct. 30, 70 municipalities in Germany were affected by a ransomware incident after a service provider had to restrict access to prevent the spread of malware.
Prior to that, schools in Hungary and Slovakia were victims of attacks by ESXiArgs ransomware.
As the threat of ransomware attacks against municipalities remains high, the security protections for these targets have remained limited.
Municipalities Make for the Perfect Victim While threat actor tactics and tools evolve and the volume of their attacks increases, the data shows that municipalities are falling behind and failing to rise to the occasion when it comes to protecting themselves.
Municipalities are notoriously understaffed, underfunded, and possess little training when it comes to cybersecurity preparation and mitigation.
When ransomware groups seek out their targets, they know that municipalities will be unprepared to handle their attacks, which will either lead to success and potential notoriety or, even better, an easy ransom payment.
Of the organizations whose data was encrypted in an attack, 99% got their information back, with 34% reporting that they paid a ransom and 75% relying on backups.
Nick Tausek, lead security automation architect at Swimlane, notes that the local public sector historically has a worse security posture than the federal government or large corporations.
While ransomware groups celebrate their easy wins, municipalities struggle to bounce back.
When Dallas was hit by the ransomware attack that took down its systems, the city was still trying to make progress in becoming fully operational even a month later.
The only good news is that the city worked with cybersecurity experts to try to enhance its security posture and take additional steps after the attack occurred.
These attacks leave lasting effects that can take extended periods of time to recover from, making municipalities all the more vulnerable in the meantime.
The Future of Cyber Safety for Municipalities Like Dallas, municipalities will have to start being actively involved in implementing cybersecurity practices and procedures, according to Daniel Basile, chief information security officer at Texas A&M System's Shared Service Center.
Though lack of staffing is an issue that needs to be addressed, Swimlane's Tausek believes that adding new members to cybersecurity teams won't necessarily rapidly resolve the difficulty in responding to constant ransomware attacks.
This Cyber News was published on www.darkreading.com. Publication date: Fri, 08 Dec 2023 20:05:10 +0000