Ransomware attacks are creating risks to safety by disrupting public services including utilities, emergency services and education, the Federal Bureau of Investigation (FBI) has warned.
The alert says that local government agencies are attractive targets for cyber criminals to hit with ransomware, because they oversee critical services on which the public depends.
Ransomware attacks against local governments have caused disruptions to healthcare, emergency services and safety operations, and have seen sensitive personal data stolen by hackers, putting individuals at further risk of fraud and cybercrime. The attacks targeting local services show no signs of slowing down.
For example, the FBI details how a January 2022 ransomware attack forced a US county to take computer systems offline, close public offices and obliged it to run emergency response operations on backup contingencies.
The attack also knocked out county jail surveillance cameras, data collection capabilities, internet access, and deactivated automated doors, resulting in safety concerns and a facility lockdown.
Another ransomware incident against local government services in September 2021 led to a county courthouse being closed and cyber criminals stealing personal information about residents and employees. The hackers published the data on the dark web after the county refused to pay the ransom.
In May 2021, a PayOrGrief ransomware attack infected local US county government systems, making servers inaccessible and disrupting online services, including the ability to book COVID-19 vaccination appointments. The attackers claimed to have stolen 2.5GB of data containing internal documents and personal information.
The examples of cyberattacks detailed in the alert represent just a small fraction of the total number of ransomware incidents against government services during the past year alone – and only higher education and academia were more common victims for ransomware attacks during 2021.
While the FBI and other law enforcement agencies say victims of ransomware attacks shouldn’t pay the ransom demand for a decryption key because it just encourages further attacks, in many cases the victims will pay because they feel as if it’s the quickest way to restore vital services – it’s why criminals target public services.
But even if victims pay the ransom, restoring the network is an arduous task – and there’s no guarantee that the decryption key will work properly, or that the ransomware gangs won’t return with more attacks.
Whether the victim pays the ransom or not, the FBI urges US organisations to report ransomware incidents as it could help prevent future attacks against others.
The FBI has listed several cybersecurity measures that organisations can implement to help avoid becoming the victim of a ransomware attack. These include keeping operating systems and software up to date with security patches, so cyber criminals can’t exploit known vulnerabilities to access networks, and to require strong, unique passwords for online accounts, so it’s trickier for hackers to guess passwords.
It’s also recommended that organisations require multi-factor authentication for online services including webmail, VPNs and accounts with access to critical systems, in order to provide an additional barrier against attacks.
Organisations should also keep offline backups of data and ensure they’re regularly updated and tested, so in the event of a ransomware attack, it’s possible to restore the network without paying cyber criminals for a decryption key.