{"id":17153,"date":"2019-07-19T08:11:45","date_gmt":"2019-07-19T12:11:45","guid":{"rendered":"http:\/\/www.thundercloud.net\/infoave\/new\/?p=17153"},"modified":"2019-07-19T08:11:45","modified_gmt":"2019-07-19T12:11:45","slug":"why-are-so-many-us-public-entities-being-hit-by-ransomware","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/why-are-so-many-us-public-entities-being-hit-by-ransomware\/","title":{"rendered":"Why are so many US public entities being hit by ransomware?"},"content":{"rendered":"<h1><\/h1>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 28pt;\"> \u00a0<strong>Why\u00a0are so many US public entities being hit by ransomware?<\/strong><\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; color: #008000;\"><em><strong>(NOTE:\u00a0<\/strong> This article comes to us courtesy of the Emsisoft blog. It was written by Jareth who says &#8220;a picture is worth a thousand words but unfortunately I can&#8217;t draw&#8230;&#8221; We hope you&#8217;ll take 5 minutes and read it. It is a well-written, easy-to-read, and very informative article. 
We thank the Emsisoft team and Jareth for allowing us to share this article with all of you.)<\/em><\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">Within the same week in June 2019, two\u00a0<a href=\"https:\/\/www.cbsnews.com\/news\/ransomware-attack-lake-city-florida-pay-hackers-ransom-computer-systems-after-riviera-beach\/?utm_source=emsisoft\" target=\"_blank\" rel=\"noopener noreferrer\">Florida towns fell victim to ransomware<\/a>\u00a0and paid a little over $1 million to hackers to retrieve their data and regain control of their servers.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">\u201cI would\u2019ve never dreamed this could\u2019ve happened, especially in a small town like this,\u201d said the mayor of Lake City, one of the two Florida towns victimized by ransomware.<\/span><\/p>\n<h2><span style=\"font-family: helvetica, arial, sans-serif;\">Hackers have the public sector in their sights<\/span><\/h2>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">The Florida towns are the latest victims in a string of ransomware attacks on US governments. Since 2013, there have been 169 successful ransomware attacks on state and local US governments, according to figures collated by threat intelligence company\u00a0<a href=\"https:\/\/go.recordedfuture.com\/hubfs\/reports\/cta-2019-0510.pdf?utm_source=emsisoft\" target=\"_blank\" rel=\"noopener noreferrer\">Recorded Future<\/a>.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">In 2018, Atlanta, Georgia, was\u00a0<a href=\"https:\/\/www.wired.com\/story\/atlanta-spent-26m-recover-from-ransomware-scare\/?utm_source=emsisoft\" target=\"_blank\" rel=\"noopener noreferrer\">hit hard by SamSam ransomware<\/a>, which knocked out a range of critical public services, including water requests, court fee payments, online bill payments and warrant issuances. 
In April 2019,\u00a0<a href=\"https:\/\/www.latimes.com\/local\/lanow\/la-me-imperial-county-website-down-20190418-story.html?utm_source=emsisoft\" target=\"_blank\" rel=\"noopener noreferrer\">Ryuk ransomware<\/a>\u00a0infected a number of municipalities across the US, disrupting department phone lines in Imperial County, California and forcing system shutdowns in Stuart, Florida. A slew of local police departments have also been affected by ransomware in recent years, including sheriff\u2019s offices in Maine, Arkansas and Lauderdale.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">In May 2019, hackers used a new strain of the RobbinHood ransomware to take control of 10,000 computers belonging to the Baltimore government. The hackers threatened to delete the data unless the city handed over about $75,000 worth of bitcoin.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">Baltimore refused. As a result, government email systems and payment platforms were forced offline for weeks, leaving citizens unable to access a wide range of essential services. In total, the attack caused the city $18 million in damage \u2013 enough to pay the original ransom 240 times over.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">These incidents have prompted speculation over whether the attacks are being carried out by run-of-the-mill opportunists out to make a quick buck, or state-sponsored cyberterrorists hell-bent on causing wide-scale economic disruption.<\/span><\/p>\n<h2><span style=\"font-family: helvetica, arial, sans-serif;\">Why are public entities targeted?<\/span><\/h2>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">The main objective of ransomware is financial gain. Many departments in the public sector are responsible for providing services that are essential to a city\u2019s functioning. 
If these services are taken offline for extended periods of time, it can have far-reaching consequences on the citizens who live in the area.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">As a result, many cybercriminals believe that public departments will respond more quickly than organizations in the private sector and be more willing to hand over the ransom in order to minimize downtime and keep their systems running smoothly. Ransomware attacks on public entities also receive a lot of media coverage, which reinforces the idea that the attacks are highly profitable.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">However, research shows that this may not be true. According to Recorded Future, just 17 percent of state and local government entities affected by ransomware pay the ransom. Meanwhile, figures from\u00a0<a href=\"https:\/\/cyber-edge.com\/wp-content\/uploads\/2019\/03\/CyberEdge-2019-CDR-Report.pdf?utm_source=emsisoft\" target=\"_blank\" rel=\"noopener noreferrer\">CyberEdge<\/a>\u00a0show that almost half (45 percent) of private organizations hand over the money.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">Why are local departments less likely to cooperate? It largely comes down to protocol. At both a federal and local level, most municipalities strongly discourage their departments from making ransomware payments. In much the same way that most countries won\u2019t negotiate with terrorists, many public entities have policies against making ransomware payments. No-payment policies are intended to disincentivize further ransomware attacks.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">It is important to note that money isn\u2019t always the primary goal. 
In some cases, cybercriminals single out public entities with the aim of gaining notoriety, which can raise the profile of their name and lend weight to future attacks. In other situations, ransomware attacks are politically motivated and designed to cause maximum disruption to a specific region or organization, or used as a smokescreen to disguise more devious cyberespionage.<\/span><\/p>\n<h2><span style=\"font-family: helvetica, arial, sans-serif;\">Why are public entities vulnerable to ransomware?<\/span><\/h2>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">Whenever it comes to light that a government department has been affected by ransomware, there\u2019s usually one question on the tip of the public\u2019s collective tongue: How could this happen? Given that public departments provide critical services and are often responsible for safeguarding thousands of private records, shouldn\u2019t their systems be up to the task of preventing ransomware?<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">In an ideal world, public entities would invest heavily in cybersecurity and have robust strategies in place to mitigate the effects of ransomware. Unfortunately, this isn\u2019t the case, and many public entities are actually more vulnerable to ransomware than private companies. There are two main reasons for this:<\/span><\/p>\n<h3><span style=\"font-family: helvetica, arial, sans-serif;\">1. Outdated technology<\/span><\/h3>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">The world of malware moves quickly, and those caught using old technology are at greater risk of infection. 
Many local public departments either don\u2019t have the budget to keep their cybersecurity infrastructure up to date, or are kept far behind the curve due to bureaucratic inefficiencies.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">According to a\u00a0<a href=\"https:\/\/icma.org\/sites\/default\/files\/309075_2016%20cybersecurity%20survey_summary%20report_final.pdf?utm_source=emsisoft\" target=\"_blank\" rel=\"noopener noreferrer\">report by ICMA<\/a>, 29.3 percent of local governments rely on cybersecurity technology that is one generation behind current best practice. Even more worryingly, a further 8.7 percent depend on technology that is more than one generation behind current best practices. Relying on antiquated cybersecurity solutions leaves local governments more vulnerable to attack.<\/span><\/p>\n<h3><span style=\"font-family: helvetica, arial, sans-serif;\">2. Big attack surface<\/span><\/h3>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">Government departments exist to serve the public. They tend to have lots of public-facing web services, which means there are many possible points of vulnerability that can potentially be exploited by ransomware distributors.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">In addition, public entities often employ many people who must have access to servers. 
This makes for a bigger attack surface and increases the chances of human error, which can lead to ransomware infection.<\/span><\/p>\n<h2><span style=\"font-family: helvetica, arial, sans-serif;\">Ransomware and local governments<\/span><\/h2>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">The recent ransomware attacks on Florida, Baltimore and Atlanta serve as a reminder that the public sector is certainly not immune to the effects of ransomware.<\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\">While the recent attacks undoubtedly taught the affected cities some important lessons in cybersecurity, it\u2019s unlikely that they\u2019ll be the last to experience such an attack. Until we see a radical shift in how municipalities approach ransomware and cybersecurity in general, it seems probable that we\u2019ll continue to see more ransomware attacks on the public sector in the future.<\/span><\/p>\n<hr \/>\n<p><span style=\"font-size: 14pt; font-family: helvetica, arial, sans-serif;\">Emsisoft provides virus, malware, PUPs, and ransomware protection. <a href=\"http:\/\/thundercloud.net\/emsisoft\/\" target=\"_blank\" rel=\"noopener noreferrer\">See our Emsisoft page.<\/a><\/span><\/p>\n<p><span style=\"font-family: helvetica, arial, sans-serif; font-size: 14pt;\"><a href=\"https:\/\/is.gd\/MR1X3v\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"text-decoration: underline;\">Read the original Emsisoft blog post by Jareth here.<\/span><\/a><\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0Why\u00a0are so many US public entities being hit by ransomware? (NOTE:\u00a0 This article comes to us courtesy of the Emsisoft blog. It was written by Jareth who says &#8220;a picture is worth a thousand words but unfortunately I can&#8217;t draw&#8230;&#8221; We hope you&#8217;ll take 5 minutes and read it. 
It is a well-written, easy-to-read, and very informative article.\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.thundercloud.net\/infoave\/new\/why-are-so-many-us-public-entities-being-hit-by-ransomware\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":9017,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,1682,1656,1674],"tags":[1749,3303,3304,3302,3301],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/17153"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=17153"}],"version-history":[{"count":7,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/17153\/revisions"}],"predecessor-version":[{"id":17164,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/17153\/revisions\/17164"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media\/9017"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=17153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=17153"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=17153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}